Windows Analysis Report ySa6pbYfI5.exe

Source: ySa6pbYfI5.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Videos\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Searches\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Saved Games\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Recent\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\Saved Pictures\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\Camera Roll\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\OneDrive\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Music\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Links\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Favorites\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Favorites\Links\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Downloads\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\ZTGJILHXQB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\ZBEDCJPBEY\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\SQRKHNBNYN\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\NWTVCDUMOB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\NIKHQAIQAU\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\LTKMYBSEYZ\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\ZTGJILHXQB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\ZBEDCJPBEY\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\SQRKHNBNYN\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\NWTVCDUMOB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\NIKHQAIQAU\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\LTKMYBSEYZ\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Contacts\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Headlights\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\7f127c30-a3b8-4aab-b28d-01f679ac280d\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\VirtualStore\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5652_1417691134\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5156_110794397\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Low\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_965461321\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_62919943\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_601093063\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_423664317\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_320437163\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_236606693\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_2073859434\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1819848164\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1798580215\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1779658456\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1763153001\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1740856358\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1725894609\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_17058258\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1567651471\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1239538394\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1077836906\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1012409649\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Diagnostics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrocef_low\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\SolidDocuments\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\PeerDistRepub\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{ac01b07d-c9ac-4d31-8220-3dc6d7aa0576}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{6f6a6616-c437-4533-b6a1-6b30da29cd38}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c82d26a9-b16c-48ba-9444-88303f538f65}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2a70518f-e7a0-4a14-8a8d-2991fcb86143}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{02b284b0-4610-48dd-ba97-e3e2c44983a1}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior

Source: ySa6pbYfI5.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\?6 source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb source: ySa6pbYfI5.exe, 00000000.00000003.1239833743.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243102541.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243844882.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1240570369.000000000136D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: lmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\?6 source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*B source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ad_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2o7< source: ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ownload.errorJJc source: ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2o7< source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ad_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBntkrnlmp.pdb.pdb source: ySa6pbYfI5.exe, 00000000.00000003.1239833743.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243102541.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243844882.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1240570369.000000000136D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\ source: ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1274062706.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1268763628.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1277671750.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1290304618.0000000001311000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1288305972.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1285674869.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1271062173.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1280709417.0000000001313000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1286799042.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278838003.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1269919920.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1275110394.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1276328605.0000000001314000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B874BC FindFirstFileExW,FindNextFileW,	0_2_00B874BC
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8A094 FindFirstFileExW,FindClose,	0_2_00B8A094
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B85C24 FindFirstFileW,FindClose,FindNextFileW,FindClose,	0_2_00B85C24
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B87590 FindFirstFileExW,	0_2_00B87590
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8766C FindFirstFileExW,GetFileAttributesW,FindNextFileW,	0_2_00B8766C
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8F308 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,	0_2_00B8F308
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_0040227C FindFirstFileExW,	9_2_0040227C
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,	9_2_0040152C

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B8A470 GetLogicalDriveStringsW,

Found ransom note / readme

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\	Jump to behavior

Networking

Found Tor onion address

Source: ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1290919266.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1320302649.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001312000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1276328605.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1327551734.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1395888246.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1329139332.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1321833953.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1325700997.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1328253375.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1196425683.000000000130F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1200871034.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1200871034.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1396572911.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1395687310.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1205676017.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1205676017.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1328253375.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1320808047.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1274062706.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1321595026.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1330962913.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1399904850.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1396572911.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1268763628.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1277671750.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1290304618.0000000001311000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1288305972.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1321595026.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1418378351.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1202361575.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1202361575.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1198799045.0000000001335000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1320562281.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1285674869.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1323839893.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1314492517.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1271062173.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000002.1470818680.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1322425166.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1354442971.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1355071196.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1280709417.0000000001313000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1286799042.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1395406046.0000000001337000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1327551734.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001312000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1290919266.0000000001337000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1200766158.0000000001311000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1399904850.0000000001337000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1323451408.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1278838003.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1269919920.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1321058203.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1314492517.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1288305972.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1201822562.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1201822562.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1275110394.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1325700997.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000002.1470818680.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1276328605.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1322023394.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1198950201.0000000001335000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt428.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt195.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt311.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt317.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt40.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt314.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt158.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt466.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt200.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt94.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt61.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt524.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt396.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt366.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt140.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt438.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt35.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt367.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt185.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt199.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt236.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt369.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt506.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt334.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt272.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt341.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt270.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt541.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt144.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt155.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt120.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt325.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt380.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt95.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt286.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt184.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt370.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt471.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt69.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt276.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt508.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt137.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt198.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt240.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt97.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt536.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt20.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt455.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt157.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt111.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt189.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt525.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt174.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt284.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt47.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt561.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt254.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt484.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt261.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt551.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt218.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt115.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt294.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt453.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt23.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt423.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt356.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt226.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt50.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt258.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt519.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt406.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt329.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt1.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt364.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt562.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt71.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt468.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt358.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt251.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt204.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt239.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt122.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt539.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt265.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt11.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt49.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt446.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt430.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt452.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt205.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt108.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt196.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt249.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt84.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt112.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt139.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt21.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt397.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt485.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt470.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt403.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt324.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt388.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt307.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt255.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt425.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt481.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt383.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt444.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt81.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt237.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt296.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt371.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt303.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt398.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt476.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt282.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt517.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt133.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt384.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt565.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt127.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt477.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt266.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt85.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt410.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt375.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt203.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt3.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt362.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt441.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt238.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt553.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt304.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt556.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt318.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt99.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt0.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt176.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt465.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt507.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt59.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt482.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt320.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt498.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt142.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt321.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt27.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt549.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt215.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt424.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt229.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt521.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt336.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt394.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt243.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt487.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt543.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt168.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt172.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt499.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt156.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt436.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt16.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt126.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt248.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt65.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt505.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt426.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt80.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt427.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt448.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt347.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt119.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt345.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt538.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt354.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt378.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt278.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt464.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt315.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt391.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt197.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt514.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt479.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt24.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt264.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt309.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt344.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt183.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt9.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt433.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt14.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt58.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt291.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt386.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt73.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt86.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt70.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt161.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt123.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt191.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt288.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt165.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt308.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt241.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt242.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt275.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt63.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt145.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt437.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt82.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt379.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt271.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt509.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt483.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt247.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt447.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt274.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt202.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt492.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt407.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt419.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt449.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt207.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt141.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt92.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt167.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt526.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt175.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt190.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt96.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt360.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt333.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt13.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt411.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt348.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt443.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt462.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt68.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt513.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt532.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt400.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt417.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt43.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt25.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt349.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt162.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt131.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt523.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt445.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt121.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt460.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt390.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt55.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt415.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt262.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt188.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt306.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt257.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt283.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt220.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt418.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt491.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt501.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt67.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt404.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt440.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt182.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt104.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt412.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt219.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt213.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt313.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt72.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt365.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt148.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt486.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt171.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt221.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt212.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt564.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt193.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt5.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt89.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt201.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt510.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt557.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt147.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt376.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt327.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt12.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt359.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt53.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt187.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt150.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt225.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt102.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt389.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt136.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt230.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt547.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt26.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt439.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt496.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt520.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt552.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt413.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt567.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt211.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt179.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt401.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt45.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt62.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt563.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt392.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt472.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt504.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt527.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt217.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt46.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt414.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt548.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt33.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt435.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt277.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt166.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt512.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt256.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt74.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt535.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt60.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt502.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt528.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt302.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt260.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt267.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt351.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt263.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt57.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt110.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt497.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt337.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt77.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt56.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt87.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt429.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt268.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt91.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt76.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt75.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt408.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt109.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt368.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt134.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt290.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt319.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt355.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt409.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt332.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt210.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt387.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt480.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt170.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt422.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt399.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt138.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt2.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt178.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt181.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt192.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt300.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt393.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt31.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt38.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt542.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt293.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt173.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt416.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt28.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt555.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt312.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt493.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt107.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt51.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt533.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt338.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt346.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt531.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt129.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt310.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt494.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt7.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt117.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt48.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt478.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt98.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt382.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt39.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt19.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt114.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt153.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt459.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt227.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt64.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt331.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt529.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt88.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt361.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt456.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt180.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt90.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt281.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt285.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt405.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt566.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt322.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt559.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt194.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt305.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt36.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt500.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt253.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt323.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt353.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt475.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt381.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt385.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt343.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt342.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion

Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)

Source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: ySa6pbYfI5.exe, 00000000.00000003.1202361575.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1198799045.0000000001335000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1320562281.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1285674869.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1323839893.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1314492517.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1271062173.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000002.1470818680.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1322425166.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1354442971.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1355071196.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1280709417.0000000001313000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1286799042.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1395406046.0000000001337000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1327551734.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1290919266.0000000001337000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1200766158.0000000001311000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1399904850.0000000001337000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.000000000148D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/privacy-sdx.win32.bundle.js.map/e3b0c4429
Source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.000000000148D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/ui.win32.js.map/d6bb35bc608af2672a5b746ba
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.000000000148D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/generate_204
Source: ySa6pbYfI5.exe, 00000000.00000003.1384967740.00000000015FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: ySa6pbYfI5.exe, 00000000.00000003.1385144140.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1384967740.00000000015FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expecte
Source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.000000000148D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/react-native-community/react-native-netinfo
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: ySa6pbYfI5.exe, 00000000.00000003.1238646069.000000000137D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://javadl-esd-secure.oracle.com/update/1.8.0/map-1.8.0.xml)
Source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.000000000140B000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org#
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1290919266.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1320302649.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1276328605.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1327551734.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1395888246.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1329139332.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1321833953.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1325700997.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1328253375.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1196425683.000000000130F000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1200871034.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1396572911.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1395687310.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1205676017.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1328253375.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1320808047.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1274062706.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1321595026.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.torproject.org/download/)
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt

Dropped file: ***Welcome to Brain Cipher Ransomware!***Dear managers!If you're reading this, it means your systems have been hacked and encrypted and your data stolen.***The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours.In order for it to be successful, you must follow a few points:1.Don't go to the police, etc.2.Do not attempt to recover data on your own.3.Do not take the help of third-party data recovery companies.In most cases, they are scammers who will pay us a ransom and take a for themselves.***If you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. Download and install Tor Browser (https://www.torproject.org/download/) 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. Enter your encryption ID: uYrTA6hpRFsWQR0nqlFk5WK8S+zUIHNd9T3L6aykdR27ztPJwC3xHOsdSBkZhmr+yKcnVLCct0ffjVRy5yvFQydzhzQWJREmail to support: brain.support@cyberfear.com

Yara detected LockBit ransomware

Source: Yara match	File source: ySa6pbYfI5.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1470276016.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1193306385.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY

Modifies existing user documents (likely ransomware behavior)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File moved: C:\Users\user\Desktop\NWTVCDUMOB\YPSIACHYXW.xlsx	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File moved: C:\Users\user\Desktop\NWTVCDUMOB\JSDNGYCOWY.pdf	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File moved: C:\Users\user\Desktop\NWTVCDUMOB\NWTVCDUMOB.docx	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File moved: C:\Users\user\Desktop\LTKMYBSEYZ\YPSIACHYXW.jpg	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File moved: C:\Users\user\Desktop\WUTJSCBCFX.pdf	Jump to behavior

Writes a notice file (html or txt) to demand a ransom

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file

Writes many files with high entropy

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\lLvEslN.flzQgniJJ entropy: 7.99450477602	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\JiDzVKo.flzQgniJJ entropy: 7.99476068083	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\9DFnwR0.flzQgniJJ entropy: 7.99476081408	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\umGg9VF.flzQgniJJ entropy: 7.99501768672	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\VFspB2T.flzQgniJJ entropy: 7.99485847168	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\w7QQVpW.flzQgniJJ entropy: 7.99422689049	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\LGtvZ3k.flzQgniJJ entropy: 7.99830978438	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\ydMdVEj.flzQgniJJ entropy: 7.99551664128	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\OK776sU.flzQgniJJ entropy: 7.99537234936	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\l6LR96b.flzQgniJJ entropy: 7.99504045342	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\chR6grN.flzQgniJJ entropy: 7.99445879401	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\PqrGM5S.flzQgniJJ entropy: 7.99558091957	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\HQV8IYj.flzQgniJJ entropy: 7.99531435838	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\uqatnZC.flzQgniJJ entropy: 7.9943233585	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\NOtMaeB.flzQgniJJ entropy: 7.99439697839	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\958jpcv.flzQgniJJ entropy: 7.99520811577	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\2oceTvj.flzQgniJJ entropy: 7.99514471646	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\bzZ7Coa.flzQgniJJ entropy: 7.99388608264	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\IktJqns.flzQgniJJ entropy: 7.99484683169	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\aL8lzvv.flzQgniJJ entropy: 7.99532269563	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AppData\CacheStorage\0gXqeA0.flzQgniJJ entropy: 7.99075074066	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\DxztdKA.flzQgniJJ entropy: 7.995358054	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\vQiyvJO.flzQgniJJ entropy: 7.99555400587	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\zG2kaFO.flzQgniJJ entropy: 7.99439837148	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Q4ittg7.flzQgniJJ entropy: 7.99422313474	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\mAhAuIP.flzQgniJJ entropy: 7.99459869025	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\2mfhbua.flzQgniJJ entropy: 7.99503480463	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\jq4dwpw.flzQgniJJ entropy: 7.99509939226	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\OXmRLc0.flzQgniJJ entropy: 7.99431915559	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\GJhacxD.flzQgniJJ entropy: 7.99553508878	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\jorBjDG.flzQgniJJ entropy: 7.99557922556	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\BKHF3m4.flzQgniJJ entropy: 7.9961379984	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\npdJ2A2.flzQgniJJ entropy: 7.99555047638	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\mSKeeAg.flzQgniJJ entropy: 7.99481841896	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\zpA2luL.flzQgniJJ entropy: 7.9947007786	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\4RQywvx.flzQgniJJ entropy: 7.99508076631	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\QopAdpN.flzQgniJJ entropy: 7.99458338107	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Mtgh3NE.flzQgniJJ entropy: 7.99490684503	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\hLHaUGp.flzQgniJJ entropy: 7.99497692143	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Z1vMLuu.flzQgniJJ entropy: 7.99562822231	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\nvlHmLj.flzQgniJJ entropy: 7.99550159526	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\ihb7jtC.flzQgniJJ entropy: 7.99547948602	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\tkbNyTJ.flzQgniJJ entropy: 7.9950552592	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\C9qKJRV.flzQgniJJ entropy: 7.99491130167	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\NSa8PAw.flzQgniJJ entropy: 7.99503753983	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\w3OsKLy.flzQgniJJ entropy: 7.99463078748	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Q8EUAJz.flzQgniJJ entropy: 7.99463517773	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\bK8sK8R.flzQgniJJ entropy: 7.99517405601	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\wCxlAJX.flzQgniJJ entropy: 7.99422383205	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MLD3V1b.flzQgniJJ entropy: 7.99530407435	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\lPE6WH8.flzQgniJJ entropy: 7.99966888743	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\AYRhNEb.flzQgniJJ entropy: 7.9996368383	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\BRzQFVR.flzQgniJJ entropy: 7.99965776538	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\FI8bmJE.flzQgniJJ entropy: 7.99962121446	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\6DkgYjG.flzQgniJJ entropy: 7.99479721876	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\qoa7wP6.flzQgniJJ entropy: 7.99724309293	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\jdRYs0G.flzQgniJJ entropy: 7.99471657629	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\7PlayUS.flzQgniJJ entropy: 7.99069509505	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\IXI8chk.flzQgniJJ entropy: 7.99700882843	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\pt6fjMB.flzQgniJJ entropy: 7.99852922499	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\314559\ZvyEmdT.flzQgniJJ entropy: 7.99544295563	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\314559\bZjNtZB.flzQgniJJ entropy: 7.99592209358	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\HQM7kBG.flzQgniJJ entropy: 7.99907983412	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\tgcXrSf.flzQgniJJ entropy: 7.99894059201	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314559\02yeBlb.flzQgniJJ entropy: 7.99723688667	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\womHnwu.flzQgniJJ entropy: 7.99514900846	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\QBiGwI5.flzQgniJJ entropy: 7.99683164588	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\yt0Sf24.flzQgniJJ entropy: 7.99732306059	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\JKQFk6w.flzQgniJJ entropy: 7.99794494511	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\w7qhZfL.flzQgniJJ entropy: 7.99279588538	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\ySa6pbYfI5.exe entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\AAAAAAAAAAAAAA (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\BBBBBBBBBBBBBB (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\CCCCCCCCCCCCCC (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\DDDDDDDDDDDDDD (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\EEEEEEEEEEEEEE (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\FFFFFFFFFFFFFF (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\GGGGGGGGGGGGGG (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\HHHHHHHHHHHHHH (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\IIIIIIIIIIIIII (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\JJJJJJJJJJJJJJ (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\KKKKKKKKKKKKKK (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\LLLLLLLLLLLLLL (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\MMMMMMMMMMMMMM (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\NNNNNNNNNNNNNN (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\OOOOOOOOOOOOOO (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\PPPPPPPPPPPPPP (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\QQQQQQQQQQQQQQ (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\RRRRRRRRRRRRRR (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\SSSSSSSSSSSSSS (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\TTTTTTTTTTTTTT (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\UUUUUUUUUUUUUU (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\VVVVVVVVVVVVVV (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\WWWWWWWWWWWWWW (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\XXXXXXXXXXXXXX (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy) entropy: 7.99730677192	Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: ySa6pbYfI5.exe, type: SAMPLE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: 0.0.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: 0.2.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: 00000000.00000002.1470276016.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: 00000000.00000000.1193306385.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown

Contains functionality to call native functions

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B904B4 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,	0_2_00B904B4
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B89880 NtClose,	0_2_00B89880
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B97034 KiUserCallbackDispatcher,CreateThread,CreateThread,CreateThread,CreateThread,NtTerminateThread,CreateThread,	0_2_00B97034
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8B470 NtProtectVirtualMemory,	0_2_00B8B470
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8DC60 NtTerminateProcess,	0_2_00B8DC60
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8E45C SetFileAttributesW,CreateFileW,SetFilePointerEx,ReadFile,NtClose,	0_2_00B8E45C
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8B444 NtSetInformationThread,	0_2_00B8B444
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8E1E8 CreateThread,NtClose,	0_2_00B8E1E8
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8DE78 SetThreadPriority,ReadFile,WriteFile,WriteFile,NtClose,	0_2_00B8DE78
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8B674 NtQueryInformationToken,	0_2_00B8B674
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B86668 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,	0_2_00B86668
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B87E58 NtQuerySystemInformation,Sleep,	0_2_00B87E58
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B897D8 NtQuerySystemInformation,	0_2_00B897D8
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8B3C0 NtSetInformationThread,NtClose,	0_2_00B8B3C0
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8B734 NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,	0_2_00B8B734
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B88F68 RtlAdjustPrivilege,NtSetInformationThread,	0_2_00B88F68
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8982A NtQuerySystemInformation,	0_2_00B8982A
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B89811 NtQuerySystemInformation,	0_2_00B89811
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B87EA3 NtQuerySystemInformation,Sleep,	0_2_00B87EA3
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B87E8A NtQuerySystemInformation,Sleep,	0_2_00B87E8A
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B88F66 RtlAdjustPrivilege,NtSetInformationThread,	0_2_00B88F66
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_00402760 CreateFileW,ReadFile,NtClose,	9_2_00402760
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_0040286C NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,	9_2_0040286C
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_00402F18 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,	9_2_00402F18
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_00401DC2 NtProtectVirtualMemory,	9_2_00401DC2
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_00401D94 NtSetInformationThread,	9_2_00401D94
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_004016B4 NtAllocateVirtualMemory,NtAllocateVirtualMemory,	9_2_004016B4

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B8A68C: GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl,

0_2_00B8A68C

Detected potential crypto function

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B880B8	0_2_00B880B8
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B820AC	0_2_00B820AC
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B84D08	0_2_00B84D08
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B84D03	0_2_00B84D03
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B85218	0_2_00B85218

Dropped file seen in connection with other malware

Source: Joe Sandbox View

Dropped File: C:\ProgramData\BB68.tmp 917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2

Enables security privileges

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Process token adjusted: Security

Source: ySa6pbYfI5.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: ySa6pbYfI5.exe, type: SAMPLE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: 0.0.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: 0.2.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: 00000000.00000002.1470276016.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: 00000000.00000000.1193306385.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18

Source: BB68.tmp.0.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.rans.phis.spyw.evad.winEXE@6/1157@0/0

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File created: C:\Users\flzQgniJJ.README.txt

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7424:120:WilError_03
Source: C:\ProgramData\BB68.tmp	Mutant created: \Sessions\1\BaseNamedObjects\Global\{649F4E29-16CB-DD42-8922-9FFF0592856B}
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\6118fa3ef7bb04f51f7fb671c888a726

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File created: C:\Users\user\AppData\Local\Temp\flzQgniJJ.README.txt

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: ySa6pbYfI5.exe	Virustotal: Detection: 91%
Source: ySa6pbYfI5.exe	ReversingLabs: Detection: 91%

Source: unknown	Process created: C:\Users\user\Desktop\ySa6pbYfI5.exe "C:\Users\user\Desktop\ySa6pbYfI5.exe"
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process created: C:\ProgramData\BB68.tmp "C:\ProgramData\BB68.tmp"
Source: C:\ProgramData\BB68.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\BB68.tmp >> NUL
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process created: C:\ProgramData\BB68.tmp "C:\ProgramData\BB68.tmp"	Jump to behavior
Source: C:\ProgramData\BB68.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\BB68.tmp >> NUL

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: gpedit.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: dssec.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: dsuiext.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: authz.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: adsldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\BB68.tmp	Section loaded: apphelp.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: rstrtmgr.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: ncrypt.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: ntasn1.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: windows.storage.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: wldp.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: uxtheme.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: propsys.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: profapi.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: edputil.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: urlmon.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: iertutil.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: srvcli.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: netutils.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: windows.staterepositoryps.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: sspicli.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: wintypes.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: appresolver.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: bcp47langs.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: slc.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: userenv.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: sppc.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: onecorecommonproxystub.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: onecoreuapcommonproxystub.dll

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File written: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini

PE file contains an invalid checksum

Source: ySa6pbYfI5.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: ySa6pbYfI5.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\?6 source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb source: ySa6pbYfI5.exe, 00000000.00000003.1239833743.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243102541.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243844882.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1240570369.000000000136D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: lmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\?6 source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*B source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ad_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2o7< source: ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ownload.errorJJc source: ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2o7< source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ad_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBntkrnlmp.pdb.pdb source: ySa6pbYfI5.exe, 00000000.00000003.1239833743.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243102541.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243844882.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1240570369.000000000136D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\ source: ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1274062706.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1268763628.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1277671750.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1290304618.0000000001311000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1288305972.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1285674869.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1271062173.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1280709417.0000000001313000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1286799042.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278838003.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1269919920.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1275110394.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1276328605.0000000001314000.00000004.00000020.00020000.00000000.sdmp

Source: BB68.tmp.0.dr	Static PE information: real checksum: 0x8fd0 should be: 0x4f26
Source: ySa6pbYfI5.exe	Static PE information: real checksum: 0x31f51 should be: 0x30237

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B861EE push esp; retf	0_2_00B861F6
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B835D3 push 0000006Ah; retf	0_2_00B83644
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B835D5 push 0000006Ah; retf	0_2_00B83644
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8356B push 0000006Ah; retf	0_2_00B83644

Source: BB68.tmp.0.dr

Static PE information: section name: .text entropy: 7.985216639497568

Drops PE files

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File created: C:\ProgramData\BB68.tmp

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File created: C:\ProgramData\BB68.tmp

Deletes itself after installation

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Videos\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Searches\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Saved Games\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Recent\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\Saved Pictures\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\Camera Roll\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\OneDrive\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Music\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Links\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Favorites\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Favorites\Links\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Downloads\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\ZTGJILHXQB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\ZBEDCJPBEY\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\SQRKHNBNYN\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\NWTVCDUMOB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\NIKHQAIQAU\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\LTKMYBSEYZ\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\ZTGJILHXQB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\ZBEDCJPBEY\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\SQRKHNBNYN\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\NWTVCDUMOB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\NIKHQAIQAU\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\LTKMYBSEYZ\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Contacts\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Headlights\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\7f127c30-a3b8-4aab-b28d-01f679ac280d\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\VirtualStore\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5652_1417691134\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5156_110794397\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Low\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_965461321\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_62919943\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_601093063\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_423664317\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_320437163\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_236606693\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_2073859434\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1819848164\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1798580215\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1779658456\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1763153001\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1740856358\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1725894609\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_17058258\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1567651471\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1239538394\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1077836906\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1012409649\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Diagnostics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrocef_low\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\SolidDocuments\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\PeerDistRepub\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{ac01b07d-c9ac-4d31-8220-3dc6d7aa0576}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{6f6a6616-c437-4533-b6a1-6b30da29cd38}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c82d26a9-b16c-48ba-9444-88303f538f65}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2a70518f-e7a0-4a14-8a8d-2991fcb86143}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{02b284b0-4610-48dd-ba97-e3e2c44983a1}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\ProgramData\BB68.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\BB68.tmp >> NUL
Source: C:\ProgramData\BB68.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\BB68.tmp >> NUL

Contains functionality to clear windows event logs (to hide its activities)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B891C8 RegCreateKeyExW,RegEnumKeyW,RegCreateKeyExW,RegSetValueExW,RegSetValueExW,OpenEventLogW,ClearEventLogW,RegCreateKeyExW,RegEnumKeyW,OpenEventLogW,ClearEventLogW,

0_2_00B891C8

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX

Malware Analysis System Evasion

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B810BC		0_2_00B810BC
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_00401E28		9_2_00401E28

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B810BC rdtsc

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B874BC FindFirstFileExW,FindNextFileW,	0_2_00B874BC
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8A094 FindFirstFileExW,FindClose,	0_2_00B8A094
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B85C24 FindFirstFileW,FindClose,FindNextFileW,FindClose,	0_2_00B85C24
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B87590 FindFirstFileExW,	0_2_00B87590
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8766C FindFirstFileExW,GetFileAttributesW,FindNextFileW,	0_2_00B8766C
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8F308 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,	0_2_00B8F308
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_0040227C FindFirstFileExW,	9_2_0040227C
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,	9_2_0040152C

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B8A470 GetLogicalDriveStringsW,

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\	Jump to behavior

Source: BB68.tmp, 00000009.00000002.1475322976.0000000000643000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: ySa6pbYfI5.exe, 00000000.00000003.1238646069.000000000137D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: ySa6pbYfI5.exe, 00000000.00000003.1291963642.0000000001448000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: hyper-v:wux:hyper-v~
Source: BB68.tmp, 00000009.00000002.1475322976.0000000000643000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\k
Source: ySa6pbYfI5.exe, 00000000.00000003.1394987910.00000000015F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware20,1
Source: ySa6pbYfI5.exe, 00000000.00000003.1394987910.00000000015F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: ySa6pbYfI5.exe, 00000000.00000003.1239793503.000000000137D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 10/05/2023 08:26:06.205OFFICEC2 (0x14b0)0x1290Telemetry EventbiyhqMediumSendEvent {"EventName": "Office.System.SystemHealthMetadataDeviceConsolidated", "Flags": 33777031581908737, "InternalSequenceNumber": 189, "Time": "2023-10-05T06:26:01Z", "Rule": "120600.4", "AriaTenantToken": "cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521", "Contract": "Office.Legacy.Metadata", "Data.ProcTypeText": "x64", "Data.ProcessorCount": 2, "Data.NumProcShareSingleCore": 1, "Data.NumProcShareSingleCache": 1, "Data.NumProcPhysCores": 2, "Data.ProcSpeedMHz": 2000, "Data.IsLaptop": false, "Data.IsTablet": false, "Data.RamMB": 4096, "Data.PowerPlatformRole": 1, "Data.SysVolSizeMB": 50000, "Data.DeviceManufacturer": "VMWare, Inc.", "Data.DeviceModel": "VMware20,1", "Data.DigitizerInfo": 0, "Data.SusClientId": "097C77FB-5D5D-4868-860B-09F4E5B50A53", "Data.WindowsSqmMachineId": "92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A", "Data.ComputerSystemProductUuidHash": "pNpni+sgFme2AbL0FaUYvRnb6Aw=", "Data.DeviceProcessorModel": "Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Data.HasSpectreFix": true, "Data.BootDiskType": "SSD"}
Source: ySa6pbYfI5.exe, 00000000.00000003.1442603265.0000000001371000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Process information queried: ProcessInformation

Hides threads from debuggers

Anti Debugging

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\ProgramData\BB68.tmp	Thread information set: HideFromDebugger

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B810BC rdtsc

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B85A20 LdrLoadDll,

0_2_00B85A20

Enables debug privileges

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process token adjusted: Debug	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Writes to foreign memory regions

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Memory written: C:\ProgramData\BB68.tmp base: 401000

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process created: C:\ProgramData\BB68.tmp "C:\ProgramData\BB68.tmp"			Jump to behavior
Source: C:\ProgramData\BB68.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\BB68.tmp >> NUL

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B810BC cpuid

Contains functionality to query locales information (e.g. system language)

Source: C:\ProgramData\BB68.tmp

Code function: EntryPoint,ExitProcess,GetModuleHandleW,GetCommandLineW,GetModuleHandleA,GetCommandLineW,GetLocaleInfoW,GetLastError,FreeLibrary,FreeLibrary,GetProcAddress,CreateWindowExW,DefWindowProcW,GetWindowTextW,LoadMenuW,LoadMenuW,DefWindowProcW,SetTextColor,GetTextCharset,TextOutW,SetTextColor,GetTextColor,CreateFontW,GetTextColor,CreateDIBitmap,SelectObject,GetTextColor,CreateFontW,

9_2_00403983

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B904B4 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,

0_2_00B904B4

Lowering of HIPS / PFW / Operating System Security Settings

Overwrites Mozilla Firefox settings

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\flzQgniJJ.README.txt	Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\8Yi9dBo.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\UU3nO6F.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\L4p6W7I.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\Z5330ns.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\haFTKVs.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\DZNlBsb.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\times.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore.jsonlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\skK6a9J.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\yrTtFHT.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\PxMiBMF.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\8QRha8C.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\hpF0wtD.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bBbfmKi.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6281059-34c6-49d8-97c7-24de33b104ab	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\d3698c60-da91-4f8c-b7c7-e14b40be8bb1	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bC5Fxcz.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\CSiBQtI.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\lujG8xz.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\TGJPo0e.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\dd74a7e7-e73b-4ab9-8964-ca5c53c60966	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\b2uUwcH.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\compatibility.ini	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\MZO0XDt.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\AjAVE2q.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\27DKOMi.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\WpyzHHM.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838393.b7b7301e-d32e-49f7-b138-9fd21cf2ca6b.health.jsonlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\7qtEOYS.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\QGxhZ1W.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ExperimentStoreData.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\nchPqjw.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\WF1ztFo.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\session-state.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\4db4139f-6dcf-40ae-89c1-1ca4ca5a35ed	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\U8FzaQp.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\state.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\V1TOBFx.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\ItMf1fj.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\XO3qVDG.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\background-update	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1pj1xui.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\8940dc38-b85f-4355-b090-8e4e300a9627	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\KwGJYGB.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\KpfGxOZ.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\SiteSecurityServiceState.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\5PXONRs.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\SCkvazf.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\yHGNdGh.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\PKd6P76.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\Gtvj3Hq.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\previous.jsonlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gh6mKxL.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\.metadata-v2	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832124.b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c.first-shutdown.jsonlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\XFek5T4.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\81cTKVk.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\UAbeiic.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\x94eWHd.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\MUsRe7A.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\pkcs11.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\x1QRZUA.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\diOg5up.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\zUVfU5D.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\FkZ03Qr.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\wjCngdg.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b38522d7-1787-4855-a312-c27916e30610	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\qk3ZERQ.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ugZPY3M.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\rBnTSpA.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\wAYAzna.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\1Qjg4FA.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b3e287d1-bcec-4242-9158-4e1296363490	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\o3JTGY0.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b7b7301e-d32e-49f7-b138-9fd21cf2ca6b	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\AlternateServices.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\SVzbsNj.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\MZ1GGSK.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838415.86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca.main.jsonlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\handlers.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\qht6WF2.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\events	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\125HQen.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\xulstore.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\31Yn7O0.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\7e03a685-c52e-4810-b494-0f433b33ac49	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\rB9WHfY.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\xUXbsmZ.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832120.4cb4db2a-ee68-4128-8ff4-f04bdc710c24.event.jsonlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\Qc1MVeE.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\HwwFi7e.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\75265401-2d75-4127-a70f-7d6e61df69a0	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\times.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\9eVpDkZ.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\4cb4db2a-ee68-4128-8ff4-f04bdc710c24	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\BkYyCNP.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gHrnCF0.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\8zW39IG.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832123.3eb2db8e-f770-4c52-9d7b-27180bea4925.main.jsonlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832118.b6281059-34c6-49d8-97c7-24de33b104ab.new-profile.jsonlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\9SXUSms.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838410.75265401-2d75-4127-a70f-7d6e61df69a0.health.jsonlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\8F4e7dR.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\containers.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\search.json.mozlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\3eb2db8e-f770-4c52-9d7b-27180bea4925	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\cpyS0ag.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\oQN69H9.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\shield-preference-experiments.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\TRaisXd.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extension-preferences.json	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\Ek2BPLW.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\QPFGtCq.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\DMM6NVp.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\oNZb0J1.flzQgniJJ	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838409.7e03a685-c52e-4810-b494-0f433b33ac49.event.jsonlz4	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite	Jump to behavior

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ySa6pbYfI5.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\ProgramData\BB68.tmp

Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen

Found malware configuration

Source: flzQgniJJ.README.txt428.0.dr

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\BB68.tmp

ReversingLabs: Detection: 85%

Multi AV Scanner detection for submitted file

Source: ySa6pbYfI5.exe	Virustotal: Detection: 91%			Perma Link
Source: ySa6pbYfI5.exe	ReversingLabs: Detection: 91%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Neural Call Log Analysis: 100.0%

Source: ySa6pbYfI5.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Videos\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Searches\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Saved Games\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Recent\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\Saved Pictures\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\Camera Roll\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\OneDrive\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Music\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Links\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Favorites\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Favorites\Links\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Downloads\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\ZTGJILHXQB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\ZBEDCJPBEY\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\SQRKHNBNYN\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\NWTVCDUMOB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\NIKHQAIQAU\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\LTKMYBSEYZ\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\ZTGJILHXQB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\ZBEDCJPBEY\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\SQRKHNBNYN\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\NWTVCDUMOB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\NIKHQAIQAU\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\LTKMYBSEYZ\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Contacts\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Headlights\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\7f127c30-a3b8-4aab-b28d-01f679ac280d\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\VirtualStore\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5652_1417691134\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5156_110794397\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Low\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_965461321\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_62919943\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_601093063\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_423664317\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_320437163\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_236606693\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_2073859434\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1819848164\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1798580215\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1779658456\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1763153001\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1740856358\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1725894609\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_17058258\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1567651471\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1239538394\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1077836906\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1012409649\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Diagnostics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrocef_low\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\SolidDocuments\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\PeerDistRepub\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{ac01b07d-c9ac-4d31-8220-3dc6d7aa0576}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{6f6a6616-c437-4533-b6a1-6b30da29cd38}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c82d26a9-b16c-48ba-9444-88303f538f65}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2a70518f-e7a0-4a14-8a8d-2991fcb86143}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{02b284b0-4610-48dd-ba97-e3e2c44983a1}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior

Source: ySa6pbYfI5.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\?6 source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb source: ySa6pbYfI5.exe, 00000000.00000003.1239833743.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243102541.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243844882.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1240570369.000000000136D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: lmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\?6 source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*B source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ad_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2o7< source: ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ownload.errorJJc source: ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2o7< source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ad_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBntkrnlmp.pdb.pdb source: ySa6pbYfI5.exe, 00000000.00000003.1239833743.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243102541.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243844882.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1240570369.000000000136D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\ source: ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1274062706.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1268763628.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1277671750.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1290304618.0000000001311000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1288305972.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1285674869.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1271062173.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1280709417.0000000001313000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1286799042.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278838003.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1269919920.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1275110394.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1276328605.0000000001314000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B874BC FindFirstFileExW,FindNextFileW,	0_2_00B874BC
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8A094 FindFirstFileExW,FindClose,	0_2_00B8A094
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B85C24 FindFirstFileW,FindClose,FindNextFileW,FindClose,	0_2_00B85C24
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B87590 FindFirstFileExW,	0_2_00B87590
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8766C FindFirstFileExW,GetFileAttributesW,FindNextFileW,	0_2_00B8766C
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8F308 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,	0_2_00B8F308
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_0040227C FindFirstFileExW,	9_2_0040227C
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,	9_2_0040152C

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B8A470 GetLogicalDriveStringsW,

Found ransom note / readme

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\	Jump to behavior

Networking

Found Tor onion address

Source: ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1290919266.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1320302649.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001312000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1276328605.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1327551734.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1395888246.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1329139332.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1321833953.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1325700997.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1328253375.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1196425683.000000000130F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1200871034.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1200871034.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1396572911.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1395687310.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1205676017.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1205676017.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1328253375.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1320808047.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1274062706.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1321595026.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1330962913.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1399904850.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1396572911.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1268763628.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1277671750.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1290304618.0000000001311000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1288305972.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1321595026.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1418378351.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1202361575.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1202361575.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1198799045.0000000001335000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1320562281.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1285674869.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1323839893.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1314492517.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1271062173.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000002.1470818680.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1322425166.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1354442971.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1355071196.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1280709417.0000000001313000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1286799042.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1395406046.0000000001337000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1327551734.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001312000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1290919266.0000000001337000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1200766158.0000000001311000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1399904850.0000000001337000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1323451408.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1278838003.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1269919920.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1321058203.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1314492517.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1288305972.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1201822562.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1201822562.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1275110394.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1325700997.0000000001355000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000002.1470818680.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1276328605.0000000001314000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1322023394.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1198950201.0000000001335000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt428.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt195.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt311.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt317.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt40.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt314.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt158.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt466.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt200.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt94.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt61.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt524.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt396.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt366.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt140.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt438.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt35.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt367.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt185.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt199.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt236.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt369.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt506.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt334.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt272.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt341.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt270.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt541.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt144.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt155.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt120.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt325.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt380.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt95.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt286.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt184.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt370.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt471.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt69.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt276.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt508.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt137.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt198.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt240.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt97.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt536.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt20.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt455.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt157.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt111.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt189.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt525.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt174.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt284.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt47.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt561.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt254.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt484.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt261.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt551.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt218.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt115.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt294.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt453.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt23.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt423.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt356.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt226.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt50.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt258.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt519.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt406.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt329.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt1.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt364.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt562.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt71.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt468.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt358.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt251.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt204.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt239.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt122.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt539.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt265.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt11.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt49.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt446.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt430.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt452.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt205.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt108.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt196.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt249.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt84.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt112.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt139.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt21.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt397.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt485.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt470.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt403.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt324.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt388.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt307.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt255.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt425.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt481.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt383.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt444.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt81.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt237.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt296.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt371.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt303.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt398.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt476.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt282.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt517.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt133.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt384.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt565.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt127.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt477.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt266.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt85.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt410.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt375.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt203.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt3.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt362.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt441.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt238.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt553.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt304.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt556.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt318.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt99.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt0.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt176.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt465.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt507.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt59.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt482.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt320.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt498.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt142.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt321.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt27.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt549.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt215.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt424.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt229.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt521.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt336.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt394.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt243.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt487.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt543.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt168.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt172.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt499.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt156.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt436.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt16.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt126.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt248.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt65.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt505.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt426.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt80.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt427.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt448.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt347.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt119.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt345.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt538.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt354.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt378.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt278.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt464.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt315.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt391.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt197.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt514.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt479.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt24.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt264.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt309.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt344.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt183.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt9.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt433.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt14.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt58.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt291.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt386.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt73.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt86.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt70.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt161.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt123.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt191.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt288.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt165.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt308.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt241.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt242.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt275.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt63.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt145.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt437.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt82.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt379.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt271.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt509.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt483.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt247.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt447.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt274.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt202.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt492.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt407.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt419.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt449.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt207.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt141.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt92.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt167.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt526.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt175.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt190.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt96.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt360.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt333.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt13.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt411.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt348.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt443.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt462.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt68.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt513.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt532.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt400.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt417.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt43.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt25.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt349.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt162.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt131.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt523.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt445.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt121.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt460.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt390.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt55.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt415.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt262.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt188.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt306.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt257.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt283.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt220.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt418.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt491.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt501.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt67.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt404.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt440.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt182.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt104.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt412.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt219.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt213.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt313.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt72.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt365.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt148.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt486.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt171.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt221.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt212.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt564.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt193.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt5.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt89.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt201.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt510.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt557.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt147.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt376.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt327.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt12.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt359.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt53.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt187.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt150.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt225.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt102.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt389.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt136.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt230.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt547.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt26.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt439.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt496.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt520.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt552.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt413.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt567.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt211.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt179.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt401.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt45.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt62.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt563.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt392.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt472.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt504.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt527.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt217.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt46.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt414.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt548.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt33.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt435.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt277.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt166.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt512.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt256.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt74.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt535.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt60.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt502.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt528.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt302.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt260.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt267.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt351.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt263.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt57.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt110.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt497.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt337.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt77.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt56.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt87.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt429.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt268.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt91.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt76.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt75.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt408.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt109.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt368.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt134.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt290.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt319.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt355.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt409.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt332.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt210.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt387.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt480.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt170.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt422.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt399.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt138.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt2.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt178.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt181.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt192.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt300.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt393.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt31.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt38.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt542.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt293.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt173.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt416.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt28.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt555.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt312.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt493.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt107.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt51.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt533.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt338.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt346.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt531.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt129.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt310.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt494.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt7.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt117.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt48.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt478.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt98.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt382.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt39.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt19.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt114.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt153.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt459.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt227.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt64.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt331.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt529.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt88.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt361.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt456.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt180.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt90.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt281.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt285.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt405.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt566.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt322.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt559.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt194.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt305.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt36.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt500.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt253.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt323.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt353.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt475.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt381.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt385.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt343.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: flzQgniJJ.README.txt342.0.dr	String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion

Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)

Source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: ySa6pbYfI5.exe, 00000000.00000003.1202361575.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1198799045.0000000001335000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1320562281.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1285674869.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1323839893.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1314492517.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1271062173.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000002.1470818680.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1322425166.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1354442971.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1355071196.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1280709417.0000000001313000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1286799042.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1395406046.0000000001337000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1327551734.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1290919266.0000000001337000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1200766158.0000000001311000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1399904850.0000000001337000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.000000000148D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/privacy-sdx.win32.bundle.js.map/e3b0c4429
Source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.000000000148D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/ui.win32.js.map/d6bb35bc608af2672a5b746ba
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.000000000148D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/generate_204
Source: ySa6pbYfI5.exe, 00000000.00000003.1384967740.00000000015FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: ySa6pbYfI5.exe, 00000000.00000003.1385144140.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1384967740.00000000015FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expecte
Source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.000000000148D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/react-native-community/react-native-netinfo
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: ySa6pbYfI5.exe, 00000000.00000003.1238646069.000000000137D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://javadl-esd-secure.oracle.com/update/1.8.0/map-1.8.0.xml)
Source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.000000000140B000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org#
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: ySa6pbYfI5.exe, 00000000.00000003.1206869334.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: ySa6pbYfI5.exe, 00000000.00000003.1207062577.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1290919266.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1320302649.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1276328605.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1327551734.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1395888246.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1329139332.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1321833953.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1325700997.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1328253375.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1196425683.000000000130F000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1200871034.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1396572911.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1395687310.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1205676017.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1328253375.0000000001355000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1320808047.0000000001338000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1274062706.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1321595026.0000000001338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.torproject.org/download/)
Source: ySa6pbYfI5.exe, 00000000.00000003.1211541696.0000000001412000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt

Yara detected LockBit ransomware

Source: Yara match	File source: ySa6pbYfI5.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1470276016.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1193306385.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY

Modifies existing user documents (likely ransomware behavior)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File moved: C:\Users\user\Desktop\NWTVCDUMOB\YPSIACHYXW.xlsx	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File moved: C:\Users\user\Desktop\NWTVCDUMOB\JSDNGYCOWY.pdf	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File moved: C:\Users\user\Desktop\NWTVCDUMOB\NWTVCDUMOB.docx	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File moved: C:\Users\user\Desktop\LTKMYBSEYZ\YPSIACHYXW.jpg	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File moved: C:\Users\user\Desktop\WUTJSCBCFX.pdf	Jump to behavior

Writes a notice file (html or txt) to demand a ransom

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt -> encrypted and your data stolen.*the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours.in order for it to be successful, you must follow a few points:1.don't go to the police, etc.2.do not attempt to recover data on your own.3.do not take the help of third-party data recovery companies.in most cases, they are scammers who will pay us a ransom and take a for themselves.*if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: uyrta6hprfswqr0nqlfk5wk8s+zuihnd9t	Jump to dropped file

Writes many files with high entropy

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\lLvEslN.flzQgniJJ entropy: 7.99450477602	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\JiDzVKo.flzQgniJJ entropy: 7.99476068083	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\9DFnwR0.flzQgniJJ entropy: 7.99476081408	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\umGg9VF.flzQgniJJ entropy: 7.99501768672	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\VFspB2T.flzQgniJJ entropy: 7.99485847168	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\w7QQVpW.flzQgniJJ entropy: 7.99422689049	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\LGtvZ3k.flzQgniJJ entropy: 7.99830978438	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\ydMdVEj.flzQgniJJ entropy: 7.99551664128	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\OK776sU.flzQgniJJ entropy: 7.99537234936	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\l6LR96b.flzQgniJJ entropy: 7.99504045342	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\chR6grN.flzQgniJJ entropy: 7.99445879401	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\PqrGM5S.flzQgniJJ entropy: 7.99558091957	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\HQV8IYj.flzQgniJJ entropy: 7.99531435838	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\uqatnZC.flzQgniJJ entropy: 7.9943233585	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\NOtMaeB.flzQgniJJ entropy: 7.99439697839	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\958jpcv.flzQgniJJ entropy: 7.99520811577	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\2oceTvj.flzQgniJJ entropy: 7.99514471646	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\bzZ7Coa.flzQgniJJ entropy: 7.99388608264	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\IktJqns.flzQgniJJ entropy: 7.99484683169	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\aL8lzvv.flzQgniJJ entropy: 7.99532269563	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AppData\CacheStorage\0gXqeA0.flzQgniJJ entropy: 7.99075074066	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\DxztdKA.flzQgniJJ entropy: 7.995358054	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\vQiyvJO.flzQgniJJ entropy: 7.99555400587	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\zG2kaFO.flzQgniJJ entropy: 7.99439837148	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Q4ittg7.flzQgniJJ entropy: 7.99422313474	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\mAhAuIP.flzQgniJJ entropy: 7.99459869025	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\2mfhbua.flzQgniJJ entropy: 7.99503480463	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\jq4dwpw.flzQgniJJ entropy: 7.99509939226	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\OXmRLc0.flzQgniJJ entropy: 7.99431915559	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\GJhacxD.flzQgniJJ entropy: 7.99553508878	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\jorBjDG.flzQgniJJ entropy: 7.99557922556	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\BKHF3m4.flzQgniJJ entropy: 7.9961379984	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\npdJ2A2.flzQgniJJ entropy: 7.99555047638	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\mSKeeAg.flzQgniJJ entropy: 7.99481841896	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\zpA2luL.flzQgniJJ entropy: 7.9947007786	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\4RQywvx.flzQgniJJ entropy: 7.99508076631	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\QopAdpN.flzQgniJJ entropy: 7.99458338107	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Mtgh3NE.flzQgniJJ entropy: 7.99490684503	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\hLHaUGp.flzQgniJJ entropy: 7.99497692143	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Z1vMLuu.flzQgniJJ entropy: 7.99562822231	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\nvlHmLj.flzQgniJJ entropy: 7.99550159526	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\ihb7jtC.flzQgniJJ entropy: 7.99547948602	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\tkbNyTJ.flzQgniJJ entropy: 7.9950552592	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\C9qKJRV.flzQgniJJ entropy: 7.99491130167	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\NSa8PAw.flzQgniJJ entropy: 7.99503753983	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\w3OsKLy.flzQgniJJ entropy: 7.99463078748	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Q8EUAJz.flzQgniJJ entropy: 7.99463517773	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\bK8sK8R.flzQgniJJ entropy: 7.99517405601	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\wCxlAJX.flzQgniJJ entropy: 7.99422383205	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MLD3V1b.flzQgniJJ entropy: 7.99530407435	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\lPE6WH8.flzQgniJJ entropy: 7.99966888743	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\AYRhNEb.flzQgniJJ entropy: 7.9996368383	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\BRzQFVR.flzQgniJJ entropy: 7.99965776538	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\FI8bmJE.flzQgniJJ entropy: 7.99962121446	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\6DkgYjG.flzQgniJJ entropy: 7.99479721876	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\qoa7wP6.flzQgniJJ entropy: 7.99724309293	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\jdRYs0G.flzQgniJJ entropy: 7.99471657629	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\7PlayUS.flzQgniJJ entropy: 7.99069509505	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\IXI8chk.flzQgniJJ entropy: 7.99700882843	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\pt6fjMB.flzQgniJJ entropy: 7.99852922499	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\314559\ZvyEmdT.flzQgniJJ entropy: 7.99544295563	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\314559\bZjNtZB.flzQgniJJ entropy: 7.99592209358	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\HQM7kBG.flzQgniJJ entropy: 7.99907983412	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\tgcXrSf.flzQgniJJ entropy: 7.99894059201	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314559\02yeBlb.flzQgniJJ entropy: 7.99723688667	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\womHnwu.flzQgniJJ entropy: 7.99514900846	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\QBiGwI5.flzQgniJJ entropy: 7.99683164588	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\yt0Sf24.flzQgniJJ entropy: 7.99732306059	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\JKQFk6w.flzQgniJJ entropy: 7.99794494511	Jump to dropped file
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\w7qhZfL.flzQgniJJ entropy: 7.99279588538	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\ySa6pbYfI5.exe entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\AAAAAAAAAAAAAA (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\BBBBBBBBBBBBBB (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\CCCCCCCCCCCCCC (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\DDDDDDDDDDDDDD (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\EEEEEEEEEEEEEE (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\FFFFFFFFFFFFFF (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\GGGGGGGGGGGGGG (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\HHHHHHHHHHHHHH (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\IIIIIIIIIIIIII (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\JJJJJJJJJJJJJJ (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\KKKKKKKKKKKKKK (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\LLLLLLLLLLLLLL (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\MMMMMMMMMMMMMM (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\NNNNNNNNNNNNNN (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\OOOOOOOOOOOOOO (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\PPPPPPPPPPPPPP (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\QQQQQQQQQQQQQQ (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\RRRRRRRRRRRRRR (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\SSSSSSSSSSSSSS (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\TTTTTTTTTTTTTT (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\UUUUUUUUUUUUUU (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\VVVVVVVVVVVVVV (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\WWWWWWWWWWWWWW (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\XXXXXXXXXXXXXX (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy) entropy: 7.99730677192	Jump to dropped file
Source: C:\ProgramData\BB68.tmp	File created: C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy) entropy: 7.99730677192	Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: ySa6pbYfI5.exe, type: SAMPLE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: 0.0.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: 0.2.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: 00000000.00000002.1470276016.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
Source: 00000000.00000000.1193306385.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown

Contains functionality to call native functions

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B904B4 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,	0_2_00B904B4
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B89880 NtClose,	0_2_00B89880
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B97034 KiUserCallbackDispatcher,CreateThread,CreateThread,CreateThread,CreateThread,NtTerminateThread,CreateThread,	0_2_00B97034
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8B470 NtProtectVirtualMemory,	0_2_00B8B470
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8DC60 NtTerminateProcess,	0_2_00B8DC60
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8E45C SetFileAttributesW,CreateFileW,SetFilePointerEx,ReadFile,NtClose,	0_2_00B8E45C
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8B444 NtSetInformationThread,	0_2_00B8B444
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8E1E8 CreateThread,NtClose,	0_2_00B8E1E8
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8DE78 SetThreadPriority,ReadFile,WriteFile,WriteFile,NtClose,	0_2_00B8DE78
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8B674 NtQueryInformationToken,	0_2_00B8B674
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B86668 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,	0_2_00B86668
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B87E58 NtQuerySystemInformation,Sleep,	0_2_00B87E58
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B897D8 NtQuerySystemInformation,	0_2_00B897D8
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8B3C0 NtSetInformationThread,NtClose,	0_2_00B8B3C0
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8B734 NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,	0_2_00B8B734
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B88F68 RtlAdjustPrivilege,NtSetInformationThread,	0_2_00B88F68
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8982A NtQuerySystemInformation,	0_2_00B8982A
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B89811 NtQuerySystemInformation,	0_2_00B89811
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B87EA3 NtQuerySystemInformation,Sleep,	0_2_00B87EA3
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B87E8A NtQuerySystemInformation,Sleep,	0_2_00B87E8A
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B88F66 RtlAdjustPrivilege,NtSetInformationThread,	0_2_00B88F66
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_00402760 CreateFileW,ReadFile,NtClose,	9_2_00402760
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_0040286C NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,	9_2_0040286C
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_00402F18 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,	9_2_00402F18
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_00401DC2 NtProtectVirtualMemory,	9_2_00401DC2
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_00401D94 NtSetInformationThread,	9_2_00401D94
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_004016B4 NtAllocateVirtualMemory,NtAllocateVirtualMemory,	9_2_004016B4

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B8A68C: GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl,

0_2_00B8A68C

Detected potential crypto function

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B880B8	0_2_00B880B8
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B820AC	0_2_00B820AC
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B84D08	0_2_00B84D08
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B84D03	0_2_00B84D03
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B85218	0_2_00B85218

Dropped file seen in connection with other malware

Source: Joe Sandbox View

Dropped File: C:\ProgramData\BB68.tmp 917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2

Enables security privileges

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Process token adjusted: Security

Source: ySa6pbYfI5.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: ySa6pbYfI5.exe, type: SAMPLE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: 0.0.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: 0.2.ySa6pbYfI5.exe.b80000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: 00000000.00000002.1470276016.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
Source: 00000000.00000000.1193306385.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18

Source: BB68.tmp.0.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.rans.phis.spyw.evad.winEXE@6/1157@0/0

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File created: C:\Users\flzQgniJJ.README.txt

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7424:120:WilError_03
Source: C:\ProgramData\BB68.tmp	Mutant created: \Sessions\1\BaseNamedObjects\Global\{649F4E29-16CB-DD42-8922-9FFF0592856B}
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\6118fa3ef7bb04f51f7fb671c888a726

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File created: C:\Users\user\AppData\Local\Temp\flzQgniJJ.README.txt

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: ySa6pbYfI5.exe	Virustotal: Detection: 91%
Source: ySa6pbYfI5.exe	ReversingLabs: Detection: 91%

Source: unknown	Process created: C:\Users\user\Desktop\ySa6pbYfI5.exe "C:\Users\user\Desktop\ySa6pbYfI5.exe"
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process created: C:\ProgramData\BB68.tmp "C:\ProgramData\BB68.tmp"
Source: C:\ProgramData\BB68.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\BB68.tmp >> NUL
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process created: C:\ProgramData\BB68.tmp "C:\ProgramData\BB68.tmp"	Jump to behavior
Source: C:\ProgramData\BB68.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\BB68.tmp >> NUL

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: gpedit.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: dssec.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: dsuiext.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: authz.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: adsldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\BB68.tmp	Section loaded: apphelp.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: rstrtmgr.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: ncrypt.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: ntasn1.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: windows.storage.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: wldp.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: uxtheme.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: propsys.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: profapi.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: edputil.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: urlmon.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: iertutil.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: srvcli.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: netutils.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: windows.staterepositoryps.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: sspicli.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: wintypes.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: appresolver.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: bcp47langs.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: slc.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: userenv.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: sppc.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: onecorecommonproxystub.dll
Source: C:\ProgramData\BB68.tmp	Section loaded: onecoreuapcommonproxystub.dll

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File written: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini

PE file contains an invalid checksum

Source: ySa6pbYfI5.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: ySa6pbYfI5.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\?6 source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb source: ySa6pbYfI5.exe, 00000000.00000003.1239833743.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243102541.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243844882.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1240570369.000000000136D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: lmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\?6 source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*B source: ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ad_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2o7< source: ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \Device\HarddiskVolume3\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ownload.errorJJc source: ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2o7< source: ySa6pbYfI5.exe, 00000000.00000003.1239900750.0000000001403000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1238793893.0000000001403000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ad_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: ySa6pbYfI5.exe, 00000000.00000003.1244085764.0000000001402000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBntkrnlmp.pdb.pdb source: ySa6pbYfI5.exe, 00000000.00000003.1239833743.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243102541.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1243844882.000000000136D000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1240570369.000000000136D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\ source: ySa6pbYfI5.exe, 00000000.00000003.1280591651.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1274062706.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1268763628.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1277671750.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1290304618.0000000001311000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1288305972.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1267625450.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1285674869.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1271062173.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1280709417.0000000001313000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1286799042.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278667276.0000000001312000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1278838003.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1269919920.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1275110394.0000000001314000.00000004.00000020.00020000.00000000.sdmp, ySa6pbYfI5.exe, 00000000.00000003.1276328605.0000000001314000.00000004.00000020.00020000.00000000.sdmp

Source: BB68.tmp.0.dr	Static PE information: real checksum: 0x8fd0 should be: 0x4f26
Source: ySa6pbYfI5.exe	Static PE information: real checksum: 0x31f51 should be: 0x30237

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B861EE push esp; retf	0_2_00B861F6
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B835D3 push 0000006Ah; retf	0_2_00B83644
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B835D5 push 0000006Ah; retf	0_2_00B83644
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8356B push 0000006Ah; retf	0_2_00B83644

Source: BB68.tmp.0.dr

Static PE information: section name: .text entropy: 7.985216639497568

Drops PE files

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File created: C:\ProgramData\BB68.tmp

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

File created: C:\ProgramData\BB68.tmp

Deletes itself after installation

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Videos\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Searches\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Saved Games\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Recent\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\Saved Pictures\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Pictures\Camera Roll\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\OneDrive\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Music\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Links\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Favorites\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Favorites\Links\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Downloads\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\ZTGJILHXQB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\ZBEDCJPBEY\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\SQRKHNBNYN\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\NWTVCDUMOB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\NIKHQAIQAU\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Documents\LTKMYBSEYZ\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\ZTGJILHXQB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\ZBEDCJPBEY\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\SQRKHNBNYN\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\NWTVCDUMOB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\NIKHQAIQAU\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Desktop\LTKMYBSEYZ\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\Contacts\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Headlights\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\7f127c30-a3b8-4aab-b28d-01f679ac280d\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\VirtualStore\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5652_1417691134\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5156_110794397\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Low\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_965461321\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_62919943\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_601093063\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_423664317\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_320437163\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_236606693\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_2073859434\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1819848164\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1798580215\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1779658456\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1763153001\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1740856358\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1725894609\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_17058258\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1567651471\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1239538394\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1077836906\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1012409649\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Diagnostics\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrocef_low\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\SolidDocuments\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\PeerDistRepub\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{ac01b07d-c9ac-4d31-8220-3dc6d7aa0576}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{6f6a6616-c437-4533-b6a1-6b30da29cd38}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c82d26a9-b16c-48ba-9444-88303f538f65}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2a70518f-e7a0-4a14-8a8d-2991fcb86143}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{02b284b0-4610-48dd-ba97-e3e2c44983a1}\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\flzQgniJJ.README.txt	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\flzQgniJJ.README.txt	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\ProgramData\BB68.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\BB68.tmp >> NUL
Source: C:\ProgramData\BB68.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\BB68.tmp >> NUL

Contains functionality to clear windows event logs (to hide its activities)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B891C8 RegCreateKeyExW,RegEnumKeyW,RegCreateKeyExW,RegSetValueExW,RegSetValueExW,OpenEventLogW,ClearEventLogW,RegCreateKeyExW,RegEnumKeyW,OpenEventLogW,ClearEventLogW,

0_2_00B891C8

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\ProgramData\BB68.tmp	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX

Malware Analysis System Evasion

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B810BC		0_2_00B810BC
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_00401E28		9_2_00401E28

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B810BC rdtsc

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B874BC FindFirstFileExW,FindNextFileW,	0_2_00B874BC
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8A094 FindFirstFileExW,FindClose,	0_2_00B8A094
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B85C24 FindFirstFileW,FindClose,FindNextFileW,FindClose,	0_2_00B85C24
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B87590 FindFirstFileExW,	0_2_00B87590
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8766C FindFirstFileExW,GetFileAttributesW,FindNextFileW,	0_2_00B8766C
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Code function: 0_2_00B8F308 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,	0_2_00B8F308
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_0040227C FindFirstFileExW,	9_2_0040227C
Source: C:\ProgramData\BB68.tmp	Code function: 9_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,	9_2_0040152C

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B8A470 GetLogicalDriveStringsW,

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\	Jump to behavior

Source: BB68.tmp, 00000009.00000002.1475322976.0000000000643000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: ySa6pbYfI5.exe, 00000000.00000003.1238646069.000000000137D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: ySa6pbYfI5.exe, 00000000.00000003.1291963642.0000000001448000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: hyper-v:wux:hyper-v~
Source: BB68.tmp, 00000009.00000002.1475322976.0000000000643000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\k
Source: ySa6pbYfI5.exe, 00000000.00000003.1394987910.00000000015F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware20,1
Source: ySa6pbYfI5.exe, 00000000.00000003.1394987910.00000000015F3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: ySa6pbYfI5.exe, 00000000.00000003.1239793503.000000000137D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 10/05/2023 08:26:06.205OFFICEC2 (0x14b0)0x1290Telemetry EventbiyhqMediumSendEvent {"EventName": "Office.System.SystemHealthMetadataDeviceConsolidated", "Flags": 33777031581908737, "InternalSequenceNumber": 189, "Time": "2023-10-05T06:26:01Z", "Rule": "120600.4", "AriaTenantToken": "cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521", "Contract": "Office.Legacy.Metadata", "Data.ProcTypeText": "x64", "Data.ProcessorCount": 2, "Data.NumProcShareSingleCore": 1, "Data.NumProcShareSingleCache": 1, "Data.NumProcPhysCores": 2, "Data.ProcSpeedMHz": 2000, "Data.IsLaptop": false, "Data.IsTablet": false, "Data.RamMB": 4096, "Data.PowerPlatformRole": 1, "Data.SysVolSizeMB": 50000, "Data.DeviceManufacturer": "VMWare, Inc.", "Data.DeviceModel": "VMware20,1", "Data.DigitizerInfo": 0, "Data.SusClientId": "097C77FB-5D5D-4868-860B-09F4E5B50A53", "Data.WindowsSqmMachineId": "92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A", "Data.ComputerSystemProductUuidHash": "pNpni+sgFme2AbL0FaUYvRnb6Aw=", "Data.DeviceProcessorModel": "Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Data.HasSpectreFix": true, "Data.BootDiskType": "SSD"}
Source: ySa6pbYfI5.exe, 00000000.00000003.1442603265.0000000001371000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Process information queried: ProcessInformation

Hides threads from debuggers

Anti Debugging

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\ProgramData\BB68.tmp	Thread information set: HideFromDebugger

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B810BC rdtsc

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B85A20 LdrLoadDll,

0_2_00B85A20

Enables debug privileges

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process token adjusted: Debug	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Writes to foreign memory regions

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Memory written: C:\ProgramData\BB68.tmp base: 401000

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe	Process created: C:\ProgramData\BB68.tmp "C:\ProgramData\BB68.tmp"			Jump to behavior
Source: C:\ProgramData\BB68.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\BB68.tmp >> NUL

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\ySa6pbYfI5.exe

Code function: 0_2_00B810BC cpuid