Analysis Report c647b2da_by_Libranalysis

Overview

General Information

Sample Name: c647b2da_by_Libranalysis (renamed file extension from none to exe)
Analysis ID: 403142
MD5: c647b2da83ef8e1a790d1e0e25898780
SHA1: 02871c02e581ad345f1c438b6c8c730cf2d2f534
SHA256: 6c5ddbe058da35b2731fe10234520a6bb78604f860ed4188a1bd07e62fe4ec11
Tags: Sodinokibi

Detection

Sodinokibi
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Found ransom note / readme
Multi AV Scanner detection for submitted file
Yara detected Sodinokibi Ransomware
Contains functionality to detect sleep reduction / modifications
Found Tor onion address
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to delete services
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to enumerate running services
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Yara signature match

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • c647b2da_by_Libranalysis.exe (PID: 5556 cmdline: 'C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe' MD5: C647B2DA83EF8E1A790D1E0E25898780)
  • unsecapp.exe (PID: 1236 cmdline: C:\Windows\system32\wbem\unsecapp.exe -Embedding MD5: 9CBD3EC8D9E4F8CE54258B0573C66BEB)
  • c647b2da_by_Libranalysis.exe (PID: 3976 cmdline: 'C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe' MD5: C647B2DA83EF8E1A790D1E0E25898780)
  • cleanup
{
  "prc": [
    "firefox",
    "agntsvc",
    "tbirdconfig",
    "ocomm",
    "visio",
    "oracle",
    "outlook",
    "winword",
    "isqlplussvc",
    "mydesktopservice",
    "steam",
    "thunderbird",
    "ocautoupds",
    "synctime",
    "infopath",
    "thebat",
    "onenote",
    "excel",
    "encsvc",
    "mspub",
    "dbeng50",
    "sql",
    "sqbcoreservice",
    "xfssvccon",
    "msaccess",
    "powerpnt",
    "ocssd",
    "wordpad",
    "dbsnmp",
    "mydesktopqos"
  ],
  "sub": "3721",
  "svc": [
    "vss",
    "veeam",
    "sophos",
    "mepocs",
    "svc$",
    "backup",
    "sql",
    "memtas"
  ],
  "wht": {
    "ext": [
      "msp",
      "deskthemepack",
      "icl",
      "msu",
      "ldf",
      "wpx",
      "ics",
      "lnk",
      "cab",
      "com",
      "adv",
      "cmd",
      "hlp",
      "ocx",
      "exe",
      "bat",
      "drv",
      "diagcfg",
      "diagcab",
      "386",
      "icns",
      "scr",
      "mpa",
      "msstyles",
      "hta",
      "nls",
      "rtp",
      "sys",
      "themepack",
      "spl",
      "lock",
      "mod",
      "msc",
      "cpl",
      "msi",
      "idx",
      "key",
      "shs",
      "cur",
      "theme",
      "bin",
      "ani",
      "dll",
      "prf",
      "rom",
      "nomedia",
      "ps1",
      "ico",
      "diagpkg"
    ],
    "fls": [
      "bootsect.bak",
      "bootfont.bin",
      "boot.ini",
      "desktop.ini",
      "iconcache.db",
      "autorun.inf",
      "ntuser.dat",
      "thumbs.db",
      "ntuser.ini",
      "ntldr",
      "ntuser.dat.log"
    ],
    "fld": [
      "programdata",
      "program files",
      "$windows.~bt",
      "application data",
      "intel",
      "program files (x86)",
      "google",
      "mozilla",
      "perflogs",
      "tor browser",
      "$windows.~ws",
      "$recycle.bin",
      "system volume information",
      "windows.old",
      "appdata",
      "msocache",
      "boot"
    ]
  },
  "img": "QQBsAGwAIABvAGYAIAB5AG8AdQByACAAZgBpAGwAZQBzACAAYQByAGUAIABlAG4AYwByAHkAcAB0AGUAZAAhAA0ACgANAAoARgBpAG4AZAAgAHsARQBYAFQAfQAtAHIAZQBhAGQAbQBlAC4AdAB4AHQAIABhAG4AZAAgAGYAbwBsAGwAbwB3ACAAaQBuAHMAdAB1AGMAdABpAG8AbgBzAAAA",
  "spsize": 25,
  "dmn": "[domain list omitted]",
  "dbg": false,
  "pid": "$2a$10$gMHdtu094GE7DD46JvCH6.bPoHnpKjInjjdxBtPaRwAEY6gOWGKYG",
  "nbody": "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",
  "et": 2,
  "wipe": true,
  "wfld": [
    "backup"
  ],
  "rdmcnt": 0,
  "nname": "{EXT}-readme.txt",
  "pk": "i8nVoXJqCzfTnPW6fievw/HIPpURDWiYdrM/rbbD3kI=",
  "net": true,
  "exp": false,
  "arn": true
}
Source | Rule | Description | Author | Strings
c647b2da_by_Libranalysis.exe | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
  • 0x4a64:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x94fc:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0x9ae8:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x8d21:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x94eb:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
Source | Rule | Description | Author | Strings
00000001.00000000.236641692.0000000001191000.00000020.00020000.sdmp | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
  • 0x4664:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x90fc:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0x96e8:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x8921:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x90eb:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
00000001.00000002.504853514.0000000001191000.00000020.00020000.sdmp | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
  • 0x4664:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x90fc:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0x96e8:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x8921:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x90eb:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
00000016.00000003.419064477.000000000304F000.00000004.00000040.sdmp | JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security
00000016.00000003.418914620.000000000304F000.00000004.00000040.sdmp | JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security
00000001.00000003.236999216.0000000002B1F000.00000004.00000040.sdmp | JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security
        Source | Rule | Description | Author | Strings
        1.0.c647b2da_by_Libranalysis.exe.1190000.0.unpack | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
        • 0x4a64:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
        • 0x94fc:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
        • 0x9ae8:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
        • 0x8d21:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
        • 0x94eb:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
        22.2.c647b2da_by_Libranalysis.exe.1190000.0.unpack | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
        • 0x4a64:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
        • 0x94fc:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
        • 0x9ae8:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
        • 0x8d21:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
        • 0x94eb:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
        22.0.c647b2da_by_Libranalysis.exe.1190000.0.unpack | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
        • 0x4a64:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
        • 0x94fc:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
        • 0x9ae8:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
        • 0x8d21:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
        • 0x94eb:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
        1.2.c647b2da_by_Libranalysis.exe.1190000.2.unpack | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
        • 0x4a64:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
        • 0x94fc:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
        • 0x9ae8:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
        • 0x8d21:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
        • 0x94eb:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F

        Sigma Overview

        No Sigma rule has matched

        Signature Overview

        AV Detection:

        Antivirus / Scanner detection for submitted sample
        Source: c647b2da_by_Libranalysis.exe, Avira: detected
        Found malware configuration
        Source: c647b2da_by_Libranalysis.exe.5556.1.memstrMalware Configuration Extractor: Sodinokibi {"prc": ["firefox", "agntsvc", "tbirdconfig", "ocomm", "visio", "oracle", "outlook", "winword", "isqlplussvc", "mydesktopservice", "steam", "thunderbird", "ocautoupds", "synctime", "infopath", "thebat", "onenote", "excel", "encsvc", "mspub", "dbeng50", "sql", "sqbcoreservice", "xfssvccon", "msaccess", "powerpnt", "ocssd", "wordpad", "dbsnmp", "mydesktopqos"], "sub": "3721", "svc": ["vss", "veeam", "sophos", "mepocs", "svc$", "backup", "sql", "memtas"], "wht": {"ext": ["msp", "deskthemepack", "icl", "msu", "ldf", "wpx", "ics", "lnk", "cab", "com", "adv", "cmd", "hlp", "ocx", "exe", "bat", "drv", "diagcfg", "diagcab", "386", "icns", "scr", "mpa", "msstyles", "hta", "nls", "rtp", "sys", "themepack", "spl", "lock", "mod", "msc", "cpl", "msi", "idx", "key", "shs", "cur", "theme", "bin", "ani", "dll", "prf", "rom", "nomedia", "ps1", "ico", "diagpkg"], "fls": ["bootsect.bak", "bootfont.bin", "boot.ini", "desktop.ini", "iconcache.db", "autorun.inf", "ntuser.dat", "thumbs.db", "ntuser.ini", "ntldr", "ntuser.dat.log"], "fld": ["programdata", "program files", "$windows.~bt", "application data", "intel", "program files (x86)", "google", "mozilla", "perflogs", "tor browser", "$windows.~ws", "$recycle.bin", "system volume information", "windows.old", "appdata", "msocache", "boot"]}, "img": "QQBsAGwAIABvAGYAIAB5AG8AdQByACAAZgBpAGwAZQBzACAAYQByAGUAIABlAG4AYwByAHkAcAB0AGUAZAAhAA0ACgANAAoARgBpAG4AZAAgAHsARQBYAFQAfQAtAHIAZQBhAGQAbQBlAC4AdAB4AHQAIABhAG4AZAAgAGYAbwBsAGwAbwB3ACAAaQBuAHMAdAB1AGMAdABpAG8AbgBzAAAA", "spsize": 25, "dmn": 
        Multi AV Scanner detection for submitted file
        Source: c647b2da_by_Libranalysis.exe, Metadefender: Detection: 75%
        Source: c647b2da_by_Libranalysis.exe, ReversingLabs: Detection: 89%
        Machine Learning detection for sample
        Source: c647b2da_by_Libranalysis.exe, Joe Sandbox ML: detected
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_01195169 CryptAcquireContextW,CryptGenRandom,
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_01195AB0 CryptBinaryToStringW,CryptBinaryToStringW,
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_01195A4F CryptStringToBinaryW,CryptStringToBinaryW,
        Source: c647b2da_by_Libranalysis.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Directory created: c:\program files\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: C:\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\program files\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\program files (x86)\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\recovery\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\program files (x86)\microsoft sql server\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\default\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\public\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\program files (x86)\microsoft sql server\110\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\3d objects\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\contacts\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\desktop\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\documents\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\downloads\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\favorites\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\links\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\music\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\onedrive\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\pictures\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\recent\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\saved games\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\searches\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\videos\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\default\desktop\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\default\documents\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\default\downloads\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\default\favorites\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\default\links\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\default\music\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\default\pictures\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\default\saved games\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\default\videos\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\public\accountpictures\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\public\desktop\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\public\documents\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\public\downloads\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\public\libraries\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\public\music\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\public\pictures\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\public\videos\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\program files (x86)\microsoft sql server\110\shared\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\desktop\czqksddmwr\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\desktop\duudtubzfw\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\desktop\eowrvpqccs\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\desktop\klizusiqen\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\desktop\snipgpprep\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\desktop\tqdfjhpuiu\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\desktop\unkrlcvohv\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\desktop\vwdfpkgduf\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\desktop\zggknsukop\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\documents\czqksddmwr\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\documents\duudtubzfw\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\documents\eowrvpqccs\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\documents\klizusiqen\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\documents\snipgpprep\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\documents\tqdfjhpuiu\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\documents\unkrlcvohv\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\documents\vwdfpkgduf\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\documents\zggknsukop\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\favorites\links\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\user\pictures\camera roll\y97fy-readme.txt
        Source: unknown, HTTPS traffic detected: 108.179.242.122:443 -> 192.168.2.5:49720 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 141.138.168.129:443 -> 192.168.2.5:49724 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 188.68.47.33:443 -> 192.168.2.5:49726 version: TLS 1.2
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: z:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: x:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: v:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: t:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: r:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: p:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: n:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: l:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: j:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: h:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: f:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: d:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: b:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: y:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: w:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: u:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: s:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: q:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: o:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: m:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: k:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: i:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: g:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: e:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: c:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File opened: a:
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_011971CE FindFirstFileExW,FindFirstFileW,FindNextFileW,FindClose,

        Networking:

        Found Tor onion address
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.236990572.0000000002B3D000.00000004.00000040.sdmp, String found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.393530300.0000000002B30000.00000004.00000040.sdmp, String found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2D9B371869F2ED5B
        Source: c647b2da_by_Libranalysis.exe, 00000016.00000002.428637744.0000000003058000.00000004.00000040.sdmp, String found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2D9B371869F2ED5B
        Source: c647b2da_by_Libranalysis.exe, 00000016.00000003.419049746.000000000306D000.00000004.00000040.sdmp, String found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
        Source: y97fy-readme.txt5.1.dr, String found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2D9B371869F2ED5B
        Source: Joe Sandbox View, IP Address: 204.11.56.48 204.11.56.48
        Source: Joe Sandbox View, ASN Name: ANTAGONIST-ASNL ANTAGONIST-ASNL
        Source: Joe Sandbox View, ASN Name: CONFLUENCE-NETWORK-INCVG CONFLUENCE-NETWORK-INCVG
        Source: Joe Sandbox View, JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
        Source: unknown, DNS traffic detected: queries for: quemargrasa.net
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.236990572.0000000002B3D000.00000004.00000040.sdmp, c647b2da_by_Libranalysis.exe, 00000016.00000003.419049746.000000000306D000.00000004.00000040.sdmpString found in binary or memory: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.393530300.0000000002B30000.00000004.00000040.sdmp, c647b2da_by_Libranalysis.exe, 00000016.00000002.428637744.0000000003058000.00000004.00000040.sdmp, y97fy-readme.txt5.1.drString found in binary or memory: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2D9B371869F2ED5B
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495685149.0000000000E8C000.00000004.00000001.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495685149.0000000000E8C000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org0
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmpString found in binary or memory: http://cps.root
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495685149.0000000000E8C000.00000004.00000001.sdmpString found in binary or memory: http://cps.root-x1.letsencrypt.org0
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495685149.0000000000E8C000.00000004.00000001.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.236990572.0000000002B3D000.00000004.00000040.sdmp, c647b2da_by_Libranalysis.exe, 00000016.00000003.419049746.000000000306D000.00000004.00000040.sdmpString found in binary or memory: http://decoder.re/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.393530300.0000000002B30000.00000004.00000040.sdmp, c647b2da_by_Libranalysis.exe, 00000016.00000002.428637744.0000000003058000.00000004.00000040.sdmp, y97fy-readme.txt5.1.drString found in binary or memory: http://decoder.re/2D9B371869F2ED5B
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.sectigo.com0)
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504409261.0000000000E78000.00000004.00000020.sdmpString found in binary or memory: http://r3.i.lencr.org
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495685149.0000000000E8C000.00000004.00000001.sdmpString found in binary or memory: http://r3.i.lencr.org/0
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.503895772.0000000000E33000.00000004.00000020.sdmpString found in binary or memory: http://r3.i.lencr.org/05
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495685149.0000000000E8C000.00000004.00000001.sdmpString found in binary or memory: http://r3.o.lencr.org0
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495661889.0000000000E85000.00000004.00000001.sdmp, c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://api.w.org/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.493670563.0000000000E5D000.00000004.00000001.sdmpString found in binary or memory: https://dubnew.com/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.493670563.0000000000E5D000.00000004.00000001.sdmpString found in binary or memory: https://dubnew.com/include/game/jjttew.png
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.503895772.0000000000E33000.00000004.00000020.sdmpString found in binary or memory: https://eaglemeetstiger.de/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmpString found in binary or memory: https://eaglemeetstiger.de/admin/temp/rvagnougrmqq.gif
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://gmpg.org/xfn/11
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmpString found in binary or memory: https://highimpactoutdoors.net/static/game/bnhuzi.gif
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.506316402.0000000002B28000.00000004.00000040.sdmpString found in binary or memory: https://highimpactoutdoors.net/static/game/bnhuzi.gifCW7
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495661889.0000000000E85000.00000004.00000001.sdmpString found in binary or memory: https://schema.org
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://schema.org/SiteNavigationElement
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://schema.org/WPHeader
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://schema.org/WebPage
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmpString found in binary or memory: https://sectigo.com/CPS0
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.236990572.0000000002B3D000.00000004.00000040.sdmp, c647b2da_by_Libranalysis.exe, 00000016.00000002.428637744.0000000003058000.00000004.00000040.sdmp, y97fy-readme.txt5.1.drString found in binary or memory: https://torproject.org/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmp, c647b2da_by_Libranalysis.exe, 00000001.00000002.504409261.0000000000E78000.00000004.00000020.sdmpString found in binary or memory: https://www.zweerscreatives.nl/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495661889.0000000000E85000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/#website
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495661889.0000000000E85000.00000004.00000001.sdmp, c647b2da_by_Libranalysis.exe, 00000001.00000002.504409261.0000000000E78000.00000004.00000020.sdmpString found in binary or memory: https://www.zweerscreatives.nl/?s=
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495661889.0000000000E85000.00000004.00000001.sdmp, c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmp, c647b2da_by_Libranalysis.exe, 00000001.00000002.504409261.0000000000E78000.00000004.00000020.sdmpString found in binary or memory: https://www.zweerscreatives.nl/feed/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/portfolio/architectuur-en-interieurontwerp/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/portfolio/grafisch-ontwerp/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/portfolio/webdesign/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495661889.0000000000E85000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/plugins/revsli
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.4.6
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.4.
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.4.6
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/themes/enfold/config-templatebuilder/avia-template-builder
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/themes/enfold/js/html5shiv.js
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/uploads/2015/06/ZC_logo_280-120.png
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/uploads/2015/08/ZC_icon_rgb-180x180.png
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/uploads/2015/08/ZC_icon_rgb-300x300.png
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/uploads/2015/08/ZC_icon_rgb-36x36.png
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-content/uploads/dynamic_avia/avia-merged-styles-6f341279811cb78d7f
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495661889.0000000000E85000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-includes/css/dist/block-library/style.min.css?ver=5.7.1
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-includes/wlwmanifest.xml
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495661889.0000000000E85000.00000004.00000001.sdmp, c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/wp-json/
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/xmlrpc.php
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495631742.0000000000E8E000.00000004.00000001.sdmpString found in binary or memory: https://www.zweerscreatives.nl/xmlrpc.php?rsd
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000003.495661889.0000000000E85000.00000004.00000001.sdmp, c647b2da_by_Libranalysis.exe, 00000001.00000002.504409261.0000000000E78000.00000004.00000020.sdmpString found in binary or memory: https://yoast.com/wordpress/plugins/seo/
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49720
        Source: unknown, Network traffic detected: HTTP traffic on port 49726 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49724 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49721 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49720 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49723 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49726
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49724
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49723

        Spam, unwanted Advertisements and Ransom Demands:

        Found ransom note / readme
        Source: C:\y97fy-readme.txt, Dropped file: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/2D9B371869F2ED5B 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/2D9B371869F2ED5B Warning: secondary website can be blocked, thats why first variant much bette
        Yara detected Sodinokibi Ransomware
        Source: Yara match, File source: 00000016.00000003.419064477.000000000304F000.00000004.00000040.sdmp, type: MEMORY
        Source: Yara match, File source: 00000016.00000003.418914620.000000000304F000.00000004.00000040.sdmp, type: MEMORY
        Source: Yara match, File source: 00000001.00000003.236999216.0000000002B1F000.00000004.00000040.sdmp, type: MEMORY
        Source: Yara match, File source: 00000001.00000003.236930717.0000000002B1F000.00000004.00000040.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: c647b2da_by_Libranalysis.exe PID: 5556, type: MEMORY
        Source: Yara match, File source: Process Memory Space: c647b2da_by_Libranalysis.exe PID: 3976, type: MEMORY
        Modifies existing user documents (likely ransomware behavior)
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File moved: C:\Users\user\Desktop\TQDFJHPUIU.jpg
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File deleted: C:\Users\user\Desktop\TQDFJHPUIU.jpg
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File moved: C:\Users\user\Desktop\EOWRVPQCCS\EIVQSAOTAQ.xlsx
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File deleted: C:\Users\user\Desktop\EOWRVPQCCS\EIVQSAOTAQ.xlsx
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File moved: C:\Users\user\Desktop\EIVQSAOTAQ.jpg
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_01193A83 OpenSCManagerW,EnumServicesStatusExW,RtlGetLastWin32Error,CloseServiceHandle,CloseServiceHandle,EnumServicesStatusExW,OpenServiceW,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_0119B2D8
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_0119810B
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_0119862E
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_0119A643
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_01197EAD
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.506419661.0000000002BF0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemswsock.dll.muij% vs c647b2da_by_Libranalysis.exe
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.506200888.0000000002A90000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs c647b2da_by_Libranalysis.exe
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504785405.0000000001180000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamenlsbres.dllj% vs c647b2da_by_Libranalysis.exe
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.506443654.0000000002C00000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs c647b2da_by_Libranalysis.exe
        Source: c647b2da_by_Libranalysis.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: c647b2da_by_Libranalysis.exe, type: SAMPLEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 00000001.00000000.236641692.0000000001191000.00000020.00020000.sdmp, type: MEMORYMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 00000001.00000002.504853514.0000000001191000.00000020.00020000.sdmp, type: MEMORYMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 00000016.00000000.417930502.0000000001191000.00000020.00020000.sdmp, type: MEMORYMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 00000016.00000002.427975755.0000000001191000.00000020.00020000.sdmp, type: MEMORYMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 1.0.c647b2da_by_Libranalysis.exe.1190000.0.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 22.2.c647b2da_by_Libranalysis.exe.1190000.0.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 22.0.c647b2da_by_Libranalysis.exe.1190000.0.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 1.2.c647b2da_by_Libranalysis.exe.1190000.2.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: classification engine, Classification label: mal96.rans.evad.winEXE@3/170@6/5
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_011949F2 GetDriveTypeW,GetDiskFreeSpaceExW,
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_011950F2 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\program files\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: c:\users\y97fy-readme.txt
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\82C798FD-BDE1-282B-614F-52A0144826B4
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: C:\Users\user\AppData\Local\Temp\r00h7f.bmp
        Source: c647b2da_by_Libranalysis.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File read: C:\Windows\System32\drivers\etc\hosts
        Source: c647b2da_by_Libranalysis.exe, Metadefender: Detection: 75%
        Source: c647b2da_by_Libranalysis.exe, ReversingLabs: Detection: 89%
        Source: unknown, Process created: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe 'C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe'
        Source: unknown, Process created: C:\Windows\System32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding
        Source: unknown, Process created: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe 'C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe'
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Directory created: c:\program files\y97fy-readme.txt
        Source: c647b2da_by_Libranalysis.exe, Static PE information: section name: .cfg
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File created: C:\y97fy-readme.txt

        Malware Analysis System Evasion:

        Contains functionality to detect sleep reduction / modifications
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_0119567D
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_011955D3 rdtsc
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: OpenSCManagerW,EnumServicesStatusExW,RtlGetLastWin32Error,CloseServiceHandle,CloseServiceHandle,EnumServicesStatusExW,OpenServiceW,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Window / User API: threadDelayed 10000
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe TID: 1700, Thread sleep count: 10000 > 30
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, File Volume queried: C:\ FullSizeInformation
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_011971CE FindFirstFileExW,FindFirstFileW,FindNextFileW,FindClose,
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_011950BE GetSystemInfo,
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmp, Binary or memory string: Hyper-V RAW
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.504137860.0000000000E52000.00000004.00000020.sdmp, Binary or memory string: Hyper-V RAW?'
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_011955D3 rdtsc
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_01194DA0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_011950D5 mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_0119466A HeapCreate,GetProcessHeap,
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Process token adjusted: Debug
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: OpenProcess,QueryFullProcessImageNameW,PathFindFileNameW, svchost.exe
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.505437959.0000000001540000.00000002.00000001.sdmp, unsecapp.exe, 0000000F.00000002.503564234.0000020FC6BC0000.00000002.00000001.sdmp, Binary or memory string: Shell_TrayWnd
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.505437959.0000000001540000.00000002.00000001.sdmp, unsecapp.exe, 0000000F.00000002.503564234.0000020FC6BC0000.00000002.00000001.sdmp, Binary or memory string: Progman
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.505437959.0000000001540000.00000002.00000001.sdmp, unsecapp.exe, 0000000F.00000002.503564234.0000020FC6BC0000.00000002.00000001.sdmp, Binary or memory string: SProgram Managerl
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.505437959.0000000001540000.00000002.00000001.sdmp, unsecapp.exe, 0000000F.00000002.503564234.0000020FC6BC0000.00000002.00000001.sdmp, Binary or memory string: Shell_TrayWnd,
        Source: c647b2da_by_Libranalysis.exe, 00000001.00000002.505437959.0000000001540000.00000002.00000001.sdmp, unsecapp.exe, 0000000F.00000002.503564234.0000020FC6BC0000.00000002.00000001.sdmp, Binary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_01194943 cpuid
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe, Code function: 1_2_01194E43 GetUserNameW,

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Replication Through Removable Media 1 | Windows Management Instrumentation 1 | Windows Service 1 | Windows Service 1 | Masquerading 3 | OS Credential Dumping | Security Software Discovery 121 | Replication Through Removable Media 1 | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 22 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact 1
        Default Accounts | Service Execution 1 | Boot or Logon Initialization Scripts | Process Injection 12 | Virtualization/Sandbox Evasion 1 | LSASS Memory | Virtualization/Sandbox Evasion 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 12 | Security Account Manager | Process Discovery 3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Proxy 1 | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Peripheral Device Discovery 11 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Account Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Owner/User Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Service Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
        Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
        Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | File and Directory Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
        Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | System Information Discovery 25 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop
        Behavior Graph (image not included): ID: 403142, Sample: c647b2da_by_Libranalysis, Startdate: 03/05/2021, Architecture: WINDOWS, Score: 96

        Source | Detection | Scanner | Label
        c647b2da_by_Libranalysis.exe | 75% | Metadefender |
        c647b2da_by_Libranalysis.exe | 90% | ReversingLabs | Win32.Ransomware.Sodinokibi
        c647b2da_by_Libranalysis.exe | 100% | Avira | TR/Crypt.XPACK.Gen
        c647b2da_by_Libranalysis.exe | 100% | Joe Sandbox ML |

        No Antivirus matches

        Source | Detection | Scanner | Label
        22.2.c647b2da_by_Libranalysis.exe.1190000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
        22.0.c647b2da_by_Libranalysis.exe.1190000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
        1.2.c647b2da_by_Libranalysis.exe.1190000.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
        1.0.c647b2da_by_Libranalysis.exe.1190000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

        No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
highimpactoutdoors.net | 72.52.245.6 | true | true | | unknown
eaglemeetstiger.de | 188.68.47.33 | true | true | | unknown
zweerscreatives.nl | 141.138.168.129 | true | true | | unknown
wraithco.com | 216.55.169.119 | true | true | | unknown
dubnew.com | 204.11.56.48 | true | true | | unknown
quemargrasa.net | 108.179.242.122 | true | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
141.138.168.129 | zweerscreatives.nl | Netherlands | 51696 | ANTAGONIST-ASNL | true
204.11.56.48 | dubnew.com | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true
216.55.169.119 | wraithco.com | United States | 18501 | CODERO-DFWUS | true
108.179.242.122 | quemargrasa.net | United States | 46606 | UNIFIEDLAYER-AS-1US | true
188.68.47.33 | eaglemeetstiger.de | Germany | 197540 | NETCUP-ASnetcupGmbHDE | true

                                    General Information

                                    Joe Sandbox Version:32.0.0 Black Diamond
                                    Analysis ID:403142
                                    Start date:03.05.2021
                                    Start time:20:01:11
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 6m 30s
                                    Hypervisor based Inspection enabled:false
                                    Report type:light
                                    Sample file name:c647b2da_by_Libranalysis (renamed file extension from none to exe)
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:27
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal96.rans.evad.winEXE@3/170@6/5
                                    EGA Information:Failed
                                    HDC Information:
                                    • Successful, ratio: 98.5% (good quality ratio 94.5%)
                                    • Quality average: 86.8%
                                    • Quality standard deviation: 25.3%
                                    HCA Information:Failed
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    Warnings:
                                    • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, VSSVC.exe, svchost.exe
                                    • Created / dropped Files have been reduced to 100
                                    • Excluded IPs from analysis (whitelisted): 104.42.151.234, 204.79.197.200, 13.107.21.200, 93.184.220.29, 20.82.209.183, 104.43.193.48, 13.64.90.137, 184.30.21.144, 23.57.80.111, 20.50.102.62, 8.241.88.254, 8.238.29.126, 8.238.27.126, 8.241.82.254, 8.241.79.254, 92.122.213.194, 92.122.213.249, 20.54.26.129, 20.82.210.154
                                    • Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • VT rate limit hit for: /opt/package/joesandbox/database/analysis/403142/sample/c647b2da_by_Libranalysis.exe
Time | Type | Description
20:03:21 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run i1neMACrFU C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
20:04:03 | API Interceptor | 3x Sleep call for process: c647b2da_by_Libranalysis.exe modified
                                    • 141.138.169.208
                                    Sales Invoice.docGet hashmaliciousBrowse
                                    • 141.138.169.218
                                    Sales Invoice.docGet hashmaliciousBrowse
                                    • 141.138.169.218
                                    http://tabouwadvies.nl/Transactions/012019Get hashmaliciousBrowse
                                    • 141.138.168.126
                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    ce5f3254611a8c095a3d821d445398776e139f3d_by_Libranalysis.exeGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    generated check 662732.xlsmGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    7A124B54.xlsmGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    copy of payment 7006.vbsGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    15d0c452_by_Libranalysis.exeGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    PT6-1152.docGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    ff878909_by_Libranalysis.exeGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    M3f3pIfDgg.dllGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    valuePasteList.dllGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    f2f941f8_by_Libranalysis.exeGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    pax. n 245-2021p..jsGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    Invoice_78084.xlsmGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    1340b320_by_Libranalysis.exeGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    dddZ4zfHWh.exeGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    mib_untraced_drivers_agreement_legal_costs.jsGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    mib_untraced_drivers_agreement_legal_costs.jsGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    0e64acab_by_Libranalysis.exeGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    6kzba4mCSw.exeGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    SThy2G7fGR.exeGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    Invoice_7418340.xlsmGet hashmaliciousBrowse
                                    • 141.138.168.129
                                    • 188.68.47.33
                                    • 108.179.242.122
                                    No context
                                    C:\Program Files (x86)\Microsoft SQL Server\110\Shared\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Program Files (x86)\Microsoft SQL Server\110\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Program Files (x86)\Microsoft SQL Server\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Program Files (x86)\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Program Files\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Recovery\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\Default\Desktop\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\Default\Documents\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\Default\Downloads\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\Default\Favorites\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\Default\Links\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\Default\Music\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Reputation:low
                                    C:\Users\Default\NTUSER.DAT.LOG1
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):57576
                                    Entropy (8bit):7.997034340515189
                                    Encrypted:true
                                    SSDEEP:1536:X9h4gQ1TEoxAKR0i2RK/BlWmlhsYSZ6l8/DXLRWh6gd7bdqtBld2Iyl:XogQ1Eo6Kt1/BkkK9UoXLsdXEjXE
                                    MD5:E872CA3EFCA01212B02274EC69AC2969
                                    SHA1:A674B26965D5AF04B1F1E4B9FAA42ACF0A895BFA
                                    SHA-256:1B9D0B14F6C0AE3B01A06045E6FAD6F82263A1AFA364606351075DB3CB2CD150
                                    SHA-512:14D7B6A72E9CC8186651E99F2BEEFA65831AFD74918025CA46B77B4AAC4586A1736129A1671F774B0E50C8E2EAB3A544A698C05FA368D7428D385F88FF9380F1
                                    Malicious:false
                                    Reputation:low
                                    C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):65768
                                    Entropy (8bit):7.99717425940556
                                    Encrypted:true
                                    SSDEEP:1536:y2mn/JQ0Fo8/6GinB6hRptAtqM/6boh0FD0zBN+qyCLkx:yl/dW8PkMt0hI9CAx
                                    MD5:592402AE23ADD1F111D73018DCCBFB9E
                                    SHA1:3D8407BEAD8EB95149E0D6C1EE802320CFD6E013
                                    SHA-256:D0CCB5DA60CE553B17DC4D98A5F245EAAD3A2CE9EF64DADD5C4782CFE9BF9DA6
                                    SHA-512:F9082F185A7E3587903B43EBFF072FB50800A65C07FAB63882F6B80ABDD2C8B9A07187D58B8D7491204A567FBE599D7CDD500BF34B770C01D6C32E989381EC3F
                                    Malicious:false
                                    Reputation:low
                                    C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):524520
                                    Entropy (8bit):7.999651586024077
                                    Encrypted:true
                                    SSDEEP:12288:1t/nzGPPt/1d0yvhxD2yXtIWzq929RRXM4Lpi58:1tsPt9NvbB9c4LpiC
                                    MD5:6C2ED86B4B02BE858358BD33CABD5936
                                    SHA1:669394485CF7CDE20F48410DA8E166F3A0C423D0
                                    SHA-256:8B3808EEE2D0600935D2B0E69AF3F8C5573BF5285852DAFDF6E28DEC343A1CA9
                                    SHA-512:AE318A30AA297A066DD2E97B0D59AAFCE270A5F3753DB01EC3CDFF09602E67F9C00FEA4F6F0967237303F62DB14FDBA6145F87909C0F0A4CF44DDBF98A53365D
                                    Malicious:false
                                    C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):524520
                                    Entropy (8bit):7.999641533757619
                                    Encrypted:true
                                    SSDEEP:12288:UX+jUl+6fa0BWrcHTYeNZnmEHNxmTYKw9:UXjE6fxEc1ZnmEHKTu
                                    MD5:C2321FADB8D5D19620DD80AB17867720
                                    SHA1:C092656FE2BE0CBD7509969E6982175AFAA53BEF
                                    SHA-256:EAEDE786B955E4370AB78AE090D70D952B53F7886D9FC2DE39E6568F6A523A12
                                    SHA-512:D61666C8830AFC5F035E70F1469FE6F63D226944CE3A895F1BB455234E797C3FABFD2CF171730A00F8F437A1998B134A4841C51800B312D942B43AA3C12144F9
                                    Malicious:false
                                    C:\Users\Default\Pictures\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Default\Saved Games\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Default\Videos\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Default\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Public\AccountPictures\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Public\Desktop\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Public\Documents\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Public\Downloads\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Public\Libraries\RecordedTV.library-ms
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):7.8538772705982565
                                    Encrypted:false
                                    SSDEEP:24:ee/lCUjFfBUIqALimP6uYte0ln6BvlFl5Og7o8Z7dVRdciEA/NuQSR32IP:eQCKP/f3yuwe4m9JOg7ooMn32U
                                    MD5:FADD10A8398727FF99CDED7DDDD14D76
                                    SHA1:D068984CAEC42D63CD49A4BEEA9832FA0F170BB4
                                    SHA-256:6AC9C86AE8918BEE21BBDE6197DBD328418542475D26E4726D4C07FD4036379B
                                    SHA-512:B27513FCB9BAC893262E4DD58BAA1E781DC19D8A7C2D03DCEBFC509E2E93AC890D96FDAE7AD0E65976DED7AD504E12C266F69F95CB21BEE36520AD3D90531D25
                                    Malicious:false
                                    C:\Users\Public\Libraries\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Public\Music\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Public\Pictures\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Public\Videos\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\Public\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\user\3D Objects\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\user\AppData\Local\Temp\r00h7f.bmp
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:PC bitmap, Windows 3.x format, 1280 x 1024 x 32
                                    Category:dropped
                                    Size (bytes):5242934
                                    Entropy (8bit):5.580553169250892
                                    Encrypted:false
                                    SSDEEP:49152:bOdMtG7Dj+UrKYaeBgOphJeJ8iJ4Q+g1DiAzMVZDsFHJfS/I9YkWW9:bE+/i67gbe
                                    MD5:EBC45D36459089F0DDB92BE0C1DCA606
                                    SHA1:06694FB27358AF963430868086EA27B8FF5574A6
                                    SHA-256:6C8C5BFAE9650AA31C31C1AAA92D241C1455193AA76F7ED5886F67AF31D37610
                                    SHA-512:89B49D892922BC885551C1E92BF6AC7128436B4CC96095084CBF7397AF81EFAF6B3F62CB42D330D98740F974CD4B04BC70762E2DB7D3B80E384C472D15AC74B1
                                    Malicious:false
                                    C:\Users\user\Contacts\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\user\Desktop\CZQKSDDMWR\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\user\Desktop\DUUDTUBZFW.docx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.833439357323706
                                    Encrypted:false
                                    SSDEEP:24:8oYmm2SB4DDiMbVkFiKg8CwxZ3yJQ9P2jWB5Giz9IEA/NuQ/D1lH:zYDIDDiMWac0i9GWBpz9FUD3
                                    MD5:1EEA172569B9BC42E9E05E9BF5E1B66E
                                    SHA1:090050840285493AFF6C23A2BCA29B2391ABF8FC
                                    SHA-256:24A314435BFB5B7A515CD434379B26B37141E4D5F2D1F16AA2952EDDB0921AF4
                                    SHA-512:CBFC3B2254E66966172D5297F7557F21DF494D62A25BD540AE22FAE196F6FF44900DD798BD69BB1FD872150DBAF2BF1B8798505408B6CD2DF9477E3E394F081D
                                    Malicious:false
                                    C:\Users\user\Desktop\DUUDTUBZFW\DUUDTUBZFW.docx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.8594518087352885
                                    Encrypted:false
                                    SSDEEP:24:fT6JnCk4hMcTMNEN8EIjr+AoLml7bTecHsQkGbx2rcEA/NuQjGZ:f+MkjcTSfEIjfpHfbMxZ
                                    MD5:D626672514D784A4DA7B4A96D0FE6DFA
                                    SHA1:DB36F21E460FCB6B80B2A290F38C25CDCE898B21
                                    SHA-256:A0464C280451527D5F8D0FB7DC7CFC80B2C9E28CE51AD77D0E68005B7748D2D9
                                    SHA-512:F6D42C8AA22B360AE4118275A674EFA2400636E161EE7CB33D62C9CDDF6F10153AF4BB08690ED9EB1FD575BEAF8BA739F9D08E64865A1BCAF7FCB48FE9111D2F
                                    Malicious:false
                                    C:\Users\user\Desktop\DUUDTUBZFW\EIVQSAOTAQ.jpg
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.859948188481456
                                    Encrypted:false
                                    SSDEEP:24:9uDt6/im5bKBsrt2glJ5iVrobVh1ttt3+lEA/NuQQsz:84WByiVMbVft3Fsz
                                    MD5:5079DCCF7EC0CC8263455BD9B4DA69C9
                                    SHA1:1025529BF7ACB8B181E10269CCC7E9638039A06D
                                    SHA-256:EA7F6F220B5CD83A8607FC9F3441D7E2E88F529F7B73D15B3F00A72BAC59921F
                                    SHA-512:862D3B6406EDF9FDE28895ED157797E8C4C3DFB4BC297452E27E5B4D819E7BB59D32C1C64A69CF39DEB0CFEBA936EBC3510821FCF8A1E17A12A97DEF3F806992
                                    Malicious:false
                                    C:\Users\user\Desktop\DUUDTUBZFW\EOWRVPQCCS.xlsx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.845486665398929
                                    Encrypted:false
                                    SSDEEP:24:g9+GPVoB9salJ5St86QYl0cowoUYgxV4zrrik65w+zjJEA/NuQvd:gRPizpQR94gj4zrrikOnjiKd
                                    MD5:54627C660D7ED9E1E58451844ADF48B6
                                    SHA1:4176E1C563504994B8B4EDA9582942178ABE11AE
                                    SHA-256:0131AA9E505FC6B431EF55AE6779912822B50A7904030BB0032C3D97DE93FBB0
                                    SHA-512:56F6EBD9C605C196AAF3B67128B04D6E77E68273BEB38EDACA1E4DFEC3625132F0355C7206CCD2B9122126E71F2F71CF610B37B54C329756F9AEE4DBD5B48F57
                                    Malicious:false
                                    C:\Users\user\Desktop\DUUDTUBZFW\EWZCVGNOWT.png
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.845897812717447
                                    Encrypted:false
                                    SSDEEP:24:iEBmXjmFDh51e1/p/oI5DLDe2Ha16RoC75pmp2iDhQLZWMf02IdEA/NuQiG:iBTmFN51KNoI9LDgmFpwQrTPq
                                    MD5:63EC765C4EF9B72D17864AF727E991F2
                                    SHA1:E446EC5D2F1F4223BF48279FBD5CDA603404DA43
                                    SHA-256:CC155597B378573262B9F757DA5D62BF7E06B734DE55983D07AEFBA3626D6CA3
                                    SHA-512:D937406262808A522D968C1BB04396EC6B759E364A5BE50A4C0520B57F8DAF0FCE80FC4B015B10FDEB2AE9FFFA30A7EA7F90600173018F0E467CD3A518A7996C
                                    Malicious:false
                                    C:\Users\user\Desktop\DUUDTUBZFW\GIGIYTFFYT.mp3
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.838174007266999
                                    Encrypted:false
                                    SSDEEP:24:8R03PoeA6jsPqC+hBwZecxXkE2B7D55kwJbPxbye1l7AI4EA/NuQH:8R03PK6jCB+XwoT/OwJbPMezEci
                                    MD5:3040EDC8145139C94A4AE013AEE07CCE
                                    SHA1:439442C34051B66C83BBA348E4532A025527E749
                                    SHA-256:DEA45F833EF48CDC9A97CD34F01D44532663FE1D75A91A7528BE282013A19B85
                                    SHA-512:5316A06BC88276F01C090519EB2F37B44D728467CF41FFFFA8A77982AEDFBC35A68126AA3F2B0B97868DF6270BBAC851F16D66EC0B4C9D33F3A3BE5D49B47974
                                    Malicious:false
                                    C:\Users\user\Desktop\DUUDTUBZFW\ZGGKNSUKOP.pdf
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.829757438981962
                                    Encrypted:false
                                    SSDEEP:24:hI0haIGO8k60CR0xIOnDodyWl3Sr/pO3UxHEA/NuQp/rA0:h7hEK6zaxhDodfkCnyzf
                                    MD5:4C4FD99DEFF0B34A17EA299364136444
                                    SHA1:9E9CAA049BD0D866A565996E9A1FC10748DB626F
                                    SHA-256:8AFB980F49C68362914822B6696419B68AD3D9924F1EFA4DC97D07092287FEB6
                                    SHA-512:2699C54632FEDA919D770851CC79FEC107019AA8BFD124E4EA832DE4797ED0FFCF031B906078FC4FA5A4987349D1E4140CCAA7971B4B493E952090775B2B59D8
                                    Malicious:false
                                    C:\Users\user\Desktop\DUUDTUBZFW\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\user\Desktop\EIVQSAOTAQ.jpg
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.833040707361425
                                    Encrypted:false
                                    SSDEEP:24:CLg7uWhpwgvC7rmazm7wAH8ZUcqs3T3oTIF5kb7PAYclXXBysVdkjakI7EA/NuQ/:CLEumpwjnm7wAuUcqs30TIFQ7Y5XksVT
                                    MD5:CEC12CBBB1BECBE6B683027BAC808AEB
                                    SHA1:D73187FC78B1995E0A568118D69B3F60DF2B353E
                                    SHA-256:543081E7A1F432E216F5754BF604A3915DB073FD8FBAB145ADE6AC38B1827170
                                    SHA-512:84F56586A7E7EADDF4F3AFDB6F2B0BF303C83C85871713AF2815E4709BC636B8D6B9514A65591CB8F74E95DC81C1A549552702B306FB7C8D63CBB324022DCBCE
                                    Malicious:true
                                    C:\Users\user\Desktop\EIVQSAOTAQ.xlsx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.828600299513526
                                    Encrypted:false
                                    SSDEEP:24:NsICVHVTz0LVgyEqcEFGAM5oTFvpNeow/fWEA/NuQ1K+Xo:NBC3n0BgyKAwoT1qx3YvXo
                                    MD5:9BC0F20B6005528258F3EF9179A9B3F8
                                    SHA1:74B33AB4CD8C7860A3787FECB113844F3B3058A8
                                    SHA-256:654CF697F8834CE3F681675EE9144525F78B98B03CAA436C418162819D5E7516
                                    SHA-512:F70F26BC34B8FACAC6C51A2BB68763F83E91E143B7B62A84CAFDBDF666AFF87F97DDE3A825A92DBEBE588B3DE8008857FFF2276E0A22B969F9F5DE78A4499B90
                                    Malicious:false
                                    C:\Users\user\Desktop\EOWRVPQCCS.docx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.857883847627075
                                    Encrypted:false
                                    SSDEEP:24:hmC28PGhUPbcbYv4brqKbB/yn4SZz/nkjkLaAMmXfu323RkpY+nctn+9EA/NuQiu:hDWU+YQb7dan4SCjkGAMmXfA23Rvz+Oc
                                    MD5:2782D92FC3D2BE8652E601AB001505CC
                                    SHA1:3D758BDACB12F77B2523A196BEA6BC11E3FDBA51
                                    SHA-256:53C0D789FD80EE7541EC25EDF6541940FA36411A5BBCC2E903B55FEDDF0C400B
                                    SHA-512:8CC4FF10818B522CE06F18323EE502D81FAF138D6A54323CF4FF3D51D3733E65C24DF6AAEB9CA9F766B8CD11709790A34AB7C45A940221F8F5D7DDC1BB5E017E
                                    Malicious:false
                                    C:\Users\user\Desktop\EOWRVPQCCS.xlsx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.846601465983005
                                    Encrypted:false
                                    SSDEEP:24:IZMQdr+kBVFsAzuOn6Yj9/5dK673mi8tpOe0Mi4F3SQgZrEA/NuQqD1:t8r+kBDq/Yj9HKi3v8tpO7IJigbD1
                                    MD5:1E5A2E9D0E4A3C0686A106E5E5F0CB11
                                    SHA1:7D628E065EFCC50AD20B04E354B170390A1CA6E9
                                    SHA-256:BD8D94377C17E75DF9B21D7C9413658E2A62FF27F328C1D894F0C73040239106
                                    SHA-512:4E37C118DB32D8D6FC12B82164410F34FE447C0808E37D971DD1F5FB725BDF65E3DEC5C7943224CCA141817778108E34A9A7E579193D1A566BA715171FA9AFBD
                                    Malicious:false
                                    C:\Users\user\Desktop\EOWRVPQCCS\EIVQSAOTAQ.xlsx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.831612914233826
                                    Encrypted:false
                                    SSDEEP:24:EkISKbsaxvXxoUV+Q063q818CelwxRcRXtlJccB8aQk4MNkEA/NuQap:EkIS0vxvX7V+QY8+zlIRcRXLhXQkzNJV
                                    MD5:858301ECF94EEAE089B305E20440F825
                                    SHA1:E488A3430C5D1844225DFAFA33F33AB06A09936D
                                    SHA-256:C0F559B281F8953AD276384FBB0C2333862A2E6DA048F59A3B007026D8EF734E
                                    SHA-512:07D166B26830D77B5D78E564DA742C8AF3FFB88F4795761DC23308F11F13EEC4E9C3E8A1AE129FC094EB979ACEAB79D01A22404BB6C0CD5E8F8DB279B6614CE5
                                    Malicious:true
                                    C:\Users\user\Desktop\EOWRVPQCCS\EOWRVPQCCS.docx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.823042931643237
                                    Encrypted:false
                                    SSDEEP:24:U6Vxfy0l5fD1LNu6gEVXy3T97kIzcrGe/T9f+vD9UBgBEA/NuQx3Zqd:UIfy0l571LQE1yD97kIiGe/TBIo6q
                                    MD5:2741881F49F3727B08A89575A4E5810B
                                    SHA1:2A70C65DCC08FE16E15F843A7A4B8CE6179B8D84
                                    SHA-256:C6EF39472C06E922A0F9E99C6E43BB0A08A08B6F37EE49E33F4B2401D9972CB2
                                    SHA-512:D02F75D0C3E8CEE8F7BE754D90678813CBE2937CB06147C00FE7EF8CAA9BF09DD609B928EA58080EE416912418532833F0C2413C4A7F508E8D894FD68435B004
                                    Malicious:false
                                    C:\Users\user\Desktop\EOWRVPQCCS\GIGIYTFFYT.pdf
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.862964148724951
                                    Encrypted:false
                                    SSDEEP:24:dBwqIg8KEodMeULXe+2e6f4qAE3L14EIAcK0uQZ4mvuEA/NuQE/q:dpIg8no8LXtJqAYlVEuc4mf7/q
                                    MD5:EB03EEA1E8E4A4D414F0A5D31D550D3D
                                    SHA1:41C91D3CA3069DA4BC16EE43D7DAF9F7DEFFD407
                                    SHA-256:28E413F8E23AE716BE4AD420106312FA0A9EB0E704BCC2D82E155ED40F8556B5
                                    SHA-512:FA0C21834186E4AC6E38885D7D4CA46E0D565C614C7B8171FA4C11343C0C9047EA43FFA086F34DA1036CE1FC053DCBD46471A92C4A706AB688A51AD611C8F24D
                                    Malicious:false
                                    C:\Users\user\Desktop\EOWRVPQCCS\QCOILOQIKC.png
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.838657414894711
                                    Encrypted:false
                                    SSDEEP:24:4vffB4u85ppwlr4FkQ12U1pYEMZ2kCshRFHrnTDEA/NuQo:4vnB4xE8Fk42U1pIZ17FfIB
                                    MD5:66208DF589B9F443E0EA7879F32C70D9
                                    SHA1:B54DFB864D692464554B63C534977511759EFA2B
                                    SHA-256:D6E2DA735FB15111B8D0A56CD50107CEC4F0B2ACA46F64EF462A833CFD4BED8E
                                    SHA-512:B53FD19297DB8A822BEA7E2913B0A29368FD8B5705B2AC0D0E762953CEC71EC2DD66FB5789730E1BB27CFE8E8CEEF2836402F0ED01E2072722893D5B9A7AEFE6
                                    Malicious:false
                                    C:\Users\user\Desktop\EOWRVPQCCS\TQDFJHPUIU.jpg
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.836994420787642
                                    Encrypted:false
                                    SSDEEP:24:xUB9V8b6bIAZe1OIXn1tQJP3Mhe9IEqYc5ysu+r6xixA9EA/NuQYNR:x89VfbIApGYF3MhNysxOxxOh
                                    MD5:4033E172DA4821668BC215D9A8B2B0C1
                                    SHA1:6CBAB23EEABF3B915917A2B1C2DFE1C5B2FF6329
                                    SHA-256:77DC7DEC25BE9EC775E6F43D283C7DF4F8F9F451FE4149E7C0CB62161C16CDC5
                                    SHA-512:70D5E4E4F2719A32C1801F6778CF7F7DF7001A23106A9D461FCF1979D01C0D0C63262F13DBC772BA9C56E1B82DD8DFFB7C65D717CBAAB6BDB0320A2E2CCA50EB
                                    Malicious:false
                                    C:\Users\user\Desktop\EOWRVPQCCS\ZIPXYXWIOY.mp3
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.837425224847928
                                    Encrypted:false
                                    SSDEEP:24:ng2Pt0iCFZH7WaGCDW5h3Mh4/4XS4UkFrCf5yDSZLMbXlrZHLEA/NuQrU9:dJCDH7WaGCi5NMh4/4Xxb7aYzHAt
                                    MD5:04831C5EF40EACE5071C0855B5EA9AFF
                                    SHA1:23A3832E058640B780399186304D1222773CB983
                                    SHA-256:449C29CFC2EEEE8D267693D26CEE4AFCF743AE1C81C1F38F096AF87760C1850C
                                    SHA-512:74D5097361679F6827A00218C448A9B4EE1F42E3776A4EBD3A54305FF7C4122CFCB0B8C668EF7497157177613CACAFF5042A46196A2943DBC1A5CFD4878C1A14
                                    Malicious:false
                                    C:\Users\user\Desktop\EOWRVPQCCS\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\user\Desktop\EWZCVGNOWT.png
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.843000818004814
                                    Encrypted:false
                                    SSDEEP:24:XB4JcG0rFtIjCgtR/NRrY9EZp69L7ryJtGhxEA/NuQF:x9GStIjCwzrYCcetGg8
                                    MD5:A776CA114FCD69A574BAD1DD7062618D
                                    SHA1:1D909F897DF1AA05BDF63C490E20C7BC2911064D
                                    SHA-256:4B9B873677F625470632DCD8C7E03678BBF0238A98C05C8F7B13B191D16EE626
                                    SHA-512:1E6BC0CB687E9A2CD84A11F706F2CF146CA77EF33549A28872B80D7D79CE86AD8FB69AB0857FE34CD01593075666F801A810ECA046ACBE9B148BD3267096162B
                                    Malicious:false
                                    C:\Users\user\Desktop\GIGIYTFFYT.mp3
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.814812293160431
                                    Encrypted:false
                                    SSDEEP:24:CyxczreGFTckUmi8ZTZwCeL3WtRZT8Syh89LQlHg9z7AoLmDBt9MEA/NuQnIZKFE:DxaKqckBZFOyz18S+vRgW/DxhzZKFCT
                                    MD5:0BE0C77DB3E38E17F417F71896C770B5
                                    SHA1:EEA346393FFE86D2B51C823E46F5894DE90C02CF
                                    SHA-256:3F692F9C6B65CBE3D5B3A5FEE36EE6E8552C5311EF866C01EDCEA9FE12246B66
                                    SHA-512:6751ADCA469F8D3198BF8136EDCCF17296DC9E61B1A4FF502B743E529F1493E114E4C7E1B74FA8BA8E72992161019D085F1C1EF3E149D2C9CED99F72341E3F79
                                    Malicious:false
                                    C:\Users\user\Desktop\GIGIYTFFYT.pdf
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:DOS executable (COM, 0x8C-variant)
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.852409161259228
                                    Encrypted:false
                                    SSDEEP:24:2u8JJb6Vphsl39saZ/r7VJ/iTJ8FMopA7OR/sJ+uCBVQt10EA/NuQHTC:B8XrtJ/r7f/iTJ8Xl2+74RmC
                                    MD5:04B2521F9AED76FFF532B4ED0EBD8606
                                    SHA1:12099C2DB57CCBD7CA9CF310E7C46F041FCFC4D8
                                    SHA-256:B44A1C1FFBB2B99F167E4BAB4AA7346E175B980D5F8BFB99E13754436290FF65
                                    SHA-512:3569ED1A72FF76A346AB72C4DEF29B30301880526F904AA973D4D1BB2BAF5FE2E0A12F881F5D3ED2C4922987ABA8330BAEF8806AEE75C798769058C9C48FDDC3
                                    Malicious:false
                                    C:\Users\user\Desktop\GIGIYTFFYT.xlsx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.83475432689267
                                    Encrypted:false
                                    SSDEEP:24:JneVwonvlpvbB7IqhG/FU/VSsDyvfqx2EA/NuQErk:0V5lpzB7VhGGhDHzw
                                    MD5:DF22500DCE19DF0E93211F8677035B15
                                    SHA1:47CC4C524C69785C7E2DCBD1C2E1B551626D5694
                                    SHA-256:34336B60697C218B94F8ED50EAD549D98C00F98BF2DB5B36779447DC886143B1
                                    SHA-512:E2F2FE1F2FC1DD6380960793AC7DBDA02C771776BD759838D6DA6EAD762DB66A6C92046C9CF5DFD7617C580E7B76092556931CF78A4D84EB63EDFFC3C7CDCADD
                                    Malicious:false
                                    C:\Users\user\Desktop\GLTYDMDUST.png
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.8400515610889805
                                    Encrypted:false
                                    SSDEEP:24:dt/EXCvG/XN1dSQ/+guk7vBb69DyWyHMxj3EA/NuQwYVNOx:jEXC+/X6guoZeDynHMpUlYnOx
                                    MD5:6804EF495AAA97F529DD32941D763CF0
                                    SHA1:CA7E23981398C180A6F53E70A7FA12D6E42567E1
                                    SHA-256:5CBC786AC95E4788026E43A701EC1E2F9D863B6895FFD76F197961383F08FD7D
                                    SHA-512:56A6CD718A580BC9B79CC2C6182DCB7461D0420DEFCC5608169E7201B6C75290AF90FD055A2197DAF06F563CFC22566785CE841F56C50C86E823E6108504F207
                                    Malicious:false
                                    C:\Users\user\Desktop\JDDHMPCDUJ.pdf
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.8468988823952355
                                    Encrypted:false
                                    SSDEEP:24:3U9DardSnb16y3biYqJPmUfeAfZFJEA/NuQn:36DarybV+YEuQxFiS
                                    MD5:02E47E12BA85D3B90ED94942A16C8799
                                    SHA1:8F5E138A97897A089C286F5E904EB338B2B6631A
                                    SHA-256:BE4E0E83FAD4536516BFD2EA960610BD19BDAD74CA543EB5135D8DC6B234270F
                                    SHA-512:7CBAEFC1AE7C2EEC7618B23483E18CC2D5F91D0CA7218FB59B6378B67C3BC0F957E08085B7CFA8991C9C7935419920506FFAF4CDC2366B4E97006AB695E85E8F
                                    Malicious:false
                                    C:\Users\user\Desktop\KLIZUSIQEN\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\user\Desktop\LIJDSFKJZG.mp3
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.839369458782459
                                    Encrypted:false
                                    SSDEEP:24:nZLoSUDdPkKpms2kQ0Vvyv/e+w3PHZ8xW7eizK1KeoEA/NuQqolJE:nJjUDdPk8msmGnf5m1oK15luw
                                    MD5:83750F87F88BA37AA100DECADB6502BF
                                    SHA1:B0E3F1E5144798347455E4C715ED8E88DB4C8E01
                                    SHA-256:E33088DD6167420FA502721C04CC63D2B7C33F253ECF6BF85C587A808A0ED3A7
                                    SHA-512:485A97A7DAA79A85AFA08D4E3E60059A543261F89E28A8BD1462FC8B0E8D01A20C5F27C9FABA97103140298E391390943A7DB28538DD5EFAC1A8B7AD4DBF2B24
                                    Malicious:false
                                    C:\Users\user\Desktop\QCOILOQIKC.png
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.853355930413128
                                    Encrypted:false
                                    SSDEEP:24:j59oxSJmST/do4NmAGoZKlDVAQ7d3NS6ip9EvhaJEA/NuQG3n:FB/ZbNmAGYKlX04Pv
                                    MD5:C8A7DD4323ECAAE1CC191A13FB6CBCF5
                                    SHA1:B5B6FE11CA17231DC4C15862E456C97E2F570A95
                                    SHA-256:6B122A5B1331F513A3BC2CD7F4B934C1277C32451A0F5D38C329FD32A365C4B9
                                    SHA-512:962ED8240E9FE8231FF5BF16CBF7461071A7395CA8DBDD54BF4ACF4D8B1F31B66E6E9F576120877322F0EDD0E1F47D7132895D32C659FDE716055836D8670685
                                    Malicious:false
                                    C:\Users\user\Desktop\SNIPGPPREP\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\user\Desktop\TQDFJHPUIU.jpg
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.835394422412222
                                    Encrypted:false
                                    SSDEEP:24:lEJzEQAd6FygKnTouX3ZkBHxluArIfvj/kACoZONlEA/NuQvrMPsf:6JzERwXgTjoxluVHzkACeErMEf
                                    MD5:77E33E01CFC6F7137FA63BFF66A35F09
                                    SHA1:759F4CACEDE47883B4C78402B9C803A25C716172
                                    SHA-256:DF24B9B87ED4C71EA9C6ECB12FAEAB29B36A3B951D8E7FDC12C399510269B370
                                    SHA-512:008F43A2DDF45AFB08185B43815470C8A06C798F97FDB78A6543FF865608986D750D238D8BFB400121F7E790597B87D8A007C64620B17AE189A2802AF0A99193
                                    Malicious:true
                                    C:\Users\user\Desktop\TQDFJHPUIU\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\user\Desktop\UNKRLCVOHV\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\user\Desktop\VWDFPKGDUF\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    C:\Users\user\Desktop\ZGGKNSUKOP.docx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.854911443556328
                                    Encrypted:false
                                    SSDEEP:24:f6TABxe5DQybjVQKVASkSv3dQoFROwO5/X9ZbbSZUTEA/NuQC9qU:f6TWxe5sbpC3dnnZGHWD9qU
                                    MD5:5D498860374C8887279D6AA034869BB0
                                    SHA1:62A468D664762363433CE5BAB340A6E81173D7A0
                                    SHA-256:DEA7275D5C943E0739E518C1082705468402145C31E731DD2CFD35E437235542
                                    SHA-512:38E9229F425FBF456D146BB55E693E351AD8C0D68C1BC1F7D82435F7C8E3237BD0D42971C7D5C326DCCBAB67FA1A42EC18ED1C9FD2FA2982D2115185698C82E6
                                    Malicious:false
                                    C:\Users\user\Desktop\ZGGKNSUKOP.pdf
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.852174179857096
                                    Encrypted:false
                                    SSDEEP:24:gj1RG87GkycMu5wmM/PkJWx6CX34RsJ75E65FA659SEA/NuQWBSr:gEky5u5wZPeWxj4RGmgt59DlSr
                                    MD5:0C53B8A8FBA237BD47C72CD63E948EAB
                                    SHA1:CDFEF243CD793D9679972E63933958871BC72A57
                                    SHA-256:5A3FCFEFC4841F5DA6CF303FFB6D6DE4CD46C36AADF148577352CE3F496AE89F
                                    SHA-512:CFE51DF562E2BC5CE625EEFBDA4C7D2CED4F8D0C7C76FC1B74B5D310F76FEF8BAE42DEFD5AAFE434D3D6BEDD2F7E50A5B1935981D14B99E9AA4134EED08A0244
                                    Malicious:false
                                    C:\Users\user\Desktop\ZGGKNSUKOP\GIGIYTFFYT.xlsx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.83649753535272
                                    Encrypted:false
                                    SSDEEP:24:fdC89OQRDe3cwaW8NEjzl+dqQXf5qj404CcoPblnEA/NuQJg:1pDe3cw7UX8cnVoTlEGg
                                    MD5:85C71A927A089E770158850CC1DB2A87
                                    SHA1:F50369E3E583E6E8A0BE058FE207D64D10DC1BD5
                                    SHA-256:73C9829E93FD9B34F4D041CBC3AD36E00758FFD06A097A9A4B9BB9C997AF0687
                                    SHA-512:E96418D6C6FC2202D124D71AC68469E2D22C014F0AAAB9C17684D782CA791BA1F46BD3692EC4381F7B921A81A716398EEBE003A2334706B8D48C0763BD22B4AC
                                    Malicious:false
                                    C:\Users\user\Desktop\ZGGKNSUKOP\GLTYDMDUST.png
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.842860168511139
                                    Encrypted:false
                                    SSDEEP:24:H0nOznNJtj06c2LIeRsYx/Tmayuw9rawc3UPnznn3EA/NuQf+Y:H0OznNJtj0Z27TIuii3mnUmH
                                    MD5:B8F65E7A41848A812FF8043D71380028
                                    SHA1:FD4A23010086794593C99A0508FD8A392B05C43F
                                    SHA-256:CB18647E6BB89A79A78920CC315A52A6317B6097D9E824746788FE0107258DC0
                                    SHA-512:6DE820FAB795D70693DAF2B1AE20FB616FC7E9ECBEF685FCE19FB23DE89F3CE704D70EB019DF7BC1C339ACD78BC403E6126D9CF4EF0C30D31F1C21E3DF2EBAAD
                                    Malicious:false
                                    C:\Users\user\Desktop\ZGGKNSUKOP\JDDHMPCDUJ.pdf
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.834796551823079
                                    Encrypted:false
                                    SSDEEP:24:YhPvomC5CmPV5EARdKSpx6Wu4klhCQ+aVvUaNMqloSyRlL+oDU2SVmnhIEA/NuQN:GvomC5/iAnh6nRVssM0ZYxk2mYhFh6D
                                    MD5:CBC015AEC4F6106F828CABAB15EEE7B8
                                    SHA1:9026FD6DB9108E760D9802D5BC781F6548084A16
                                    SHA-256:76D64155D4E8E15517B8DF62F33BDB05179FE46164A2B78A1973121E5DF5C266
                                    SHA-512:2915CF1A1B84A58F57674EF1B778F046A10C5964C430FF00A34A3E43E15AFE459093ED31267FB864D87F83E9D59D0E6BF337585A181CD33C1643EB539ACA5681
                                    Malicious:false
                                    C:\Users\user\Desktop\ZGGKNSUKOP\LIJDSFKJZG.mp3
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.82247626001944
                                    Encrypted:false
                                    SSDEEP:24:rbRB0kqvBshuWPC4oNPs2nHk9M3dsDh5ehA8E4kClqFEA/NuQ9:rSvBshuWP/KPs2Xmbem8EpGw
                                    MD5:D8A2254F418B10F432925CC82D722D5B
                                    SHA1:FB89216EACF0CA4605920F4DB3EC4551630CA9C9
                                    SHA-256:592CB36C28C336FF38DB8A45A62C2C17656CCCF113EB10E8315BDBCDC6B876F1
                                    SHA-512:47558F38189102EDC3990DB22177A85D8CE81B7BC0FF257A0F37D70F90836A51BFC6BB2A46DEA64DA559B11CEFDCB063D1023A50E076EA90770011FBBCF11F14
                                    Malicious:false
                                    C:\Users\user\Desktop\ZGGKNSUKOP\ZGGKNSUKOP.docx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.850828524644081
                                    Encrypted:false
                                    SSDEEP:24:aROX5iO6nUfrg55IDQB3L77pBVXJoYbbPsciQfEWhcEA/NuQPpytN:uPz7x/lBV5rvxrkpyz
                                    MD5:7DB366A696045A08B7CDE1D7914EE972
                                    SHA1:1BAC88CF89F60870D72AE9C7D6D3005C72E199F6
                                    SHA-256:2704E0C6A34081C3C0B83C3932CC463FFB6A79D060B253615A96C48BCD1D7724
                                    SHA-512:8C8696352A4BF80540646F784179D068051D86ED9162FFADB7F183C3F86D89B7644C72C278C83E81B395050189CE0AC07849BCEA6C987234F4E78799A3F94DE7
                                    Malicious:false
                                    C:\Users\user\Desktop\ZGGKNSUKOP\ZIPXYXWIOY.jpg
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.843727345657406
                                    Encrypted:false
                                    SSDEEP:24:6C3QvatCyInlG7WBPLvGfs7HbBMhoIgq7Yl4Ts2pm/Gt59EA/NuQ/:73t7INTj7KVgq83EtwK
                                    MD5:5B445160D927C26F74BD0641B558BD19
                                    SHA1:94CB15DB425912BC84FC6109AB09EB4A526B5547
                                    SHA-256:761D9A6A3DB00ECB3065CC088C61DF838445F6C52F120159B90AFEB32E60E6BA
                                    SHA-512:7AF7103A7BE58E83E4DB0E864386D41A6755C351275A220B8E5DF95029186821953216AE8F692143B267C61966079DF84FE3BDFCCFC464146D72217A1650084F
                                    Malicious:false
                                    C:\Users\user\Desktop\ZGGKNSUKOP\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\user\Desktop\ZIPXYXWIOY.jpg
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.85876684314488
                                    Encrypted:false
                                    SSDEEP:24:zjZA3qh5wgTNsYKnrJKmuyTGreKOQUUIsr40SnOtuEA/NuQo:fZAahygKnUe+eKPD+CR
                                    MD5:A6C90ECD9123252691BFEB1B4E42F0CB
                                    SHA1:ED659E7D1A12D214BB1656161628DD6193E7D5D3
                                    SHA-256:B1FFC4E4F6A8C3BB97F8856E06409625941826F157E7930566FB75815505F132
                                    SHA-512:8362E05DC23C7B2505022B1DC3CA821619888567F681C84230A62C1D4FBD5912069540158BBB3A70D098AECED02750DB69226B54B4C710A71384C6CBE874C191
                                    Malicious:false
                                    C:\Users\user\Desktop\ZIPXYXWIOY.mp3
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.824366494830225
                                    Encrypted:false
                                    SSDEEP:24:Yjl5PHfQWNRapJ/ohoeDt456JvoYqq3CyjHBZ/cRIeyG8uWEA/NuQ3l:YjlR/QWK/o9Jv+ByTBqRIeyc4
                                    MD5:5D2E01462902FF7C4C63B235C6CC0497
                                    SHA1:6B978FD5FA5E7433C68026204F8AFDFE8A6F337E
                                    SHA-256:E98F0B83D8237C6B2F520E0FDA12DB53AFFC4C2EB809134E224D82954CE3C7F6
                                    SHA-512:A9C757A4BD20D9721F27BCDBEE2189865E9E19A3D5DF6368E3E947B181D50BDE86DFBED1193B35BBCD5FE2100C0862F1C4C4544DFE0281116AF95178B11FFD7E
                                    Malicious:false
                                    C:\Users\user\Desktop\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\user\Documents\CZQKSDDMWR\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\user\Documents\DUUDTUBZFW.docx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.845446999728481
                                    Encrypted:false
                                    SSDEEP:24:+AH+prFFgOmLUKNEILtWaUAWl+r145Yzi507HDrKjCnt9EA/NuQtwFS:+VlbRmLUKZZW0rbiihtOWwFS
                                    MD5:1C931B5A64F174057936712F2CE8AA8B
                                    SHA1:2A267B85635614C91DE1A6A28AA676BC0FEEA2FE
                                    SHA-256:08EB53FAFE912D83A29FA5A0556C20AD221DAFC447F69356F07EBA5E9F29CA04
                                    SHA-512:69E34868B71E45718A55456164BC342DAB0A3FBEC8A6892BC81ADA2479AA1E5E7489E3C338BE439E1192611E634C30D3BC899EE92B56560D2BF9580631DECDAB
                                    Malicious:false
                                    C:\Users\user\Documents\DUUDTUBZFW\DUUDTUBZFW.docx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.833274701626464
                                    Encrypted:false
                                    SSDEEP:24:ZY44zgvqGhT4wHB8CfrOeHHsYmAg3dXLmMotehpvbYQiEA/NuQJu1:m44zoqGpfHB8CSwHIdKMo0bXZ
                                    MD5:BE6E15DA644843BB2DF78A41179CE1ED
                                    SHA1:B0497504D825339F1E609642D9AAC327434C9980
                                    SHA-256:C127561476E1B17585D728D981AC3515C49470EB8BF03B13725EEEFC8169F4E9
                                    SHA-512:436BA19640DA0E6402E2F29D2ACB3ECC68C6BAE9BCBBC782CD66661E45A070A020ADE658178D1E2BA8BC9B6CCF9A1F68AE0157C66350A353FE32DBBD6D55DDBC
                                    Malicious:false
                                    C:\Users\user\Documents\DUUDTUBZFW\EIVQSAOTAQ.jpg
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.844046761889998
                                    Encrypted:false
                                    SSDEEP:24:FJ7ctrRW9Ww2ZScoKzFEZh56jBV9zal6BAnJwU0iPOz6kAgrVqM4vXEA/NuQgO:QrRtw2Zbmh56jJzal6BGCUbGz6ZEqMlO
                                    MD5:A98BFAE70AB96A9EEAC30F82CD750C6B
                                    SHA1:5998C84C9E1BAB423498F79D0B83E4576D10DE9D
                                    SHA-256:FF9AB913B9DDFE56634BEC581E606924CC16BE6DB9453D66AC7E5B8C54B2924F
                                    SHA-512:B8F8F839F2894BAF98F66DC260705D0614BCDC5E849D92B407CD80578E029855BEDA6FC876FFEE9F9F34F878841E23091EB757B3672B41BEDDF99BBA6A12A4F9
                                    Malicious:false
                                    C:\Users\user\Documents\DUUDTUBZFW\EOWRVPQCCS.xlsx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.851485837652043
                                    Encrypted:false
                                    SSDEEP:24:nH5mtwkZImoM/Ilfif6X/QtTMnEhWSUnskY8JvO233SUAdEA/NuQN982t:ZKwLmoMgYyYmEUrskVJGYNHg9l
                                    MD5:12B80099350E9AC4B5752D122C8729FC
                                    SHA1:CC926D36559ADFB00396A7D0B1E0CD4D5DC8F38D
                                    SHA-256:045680E5E3B42EFA884CFCE7431A20F17AE73BEEAB597779804844BA2B0A598A
                                    SHA-512:2D8985647FB6047C0D22B80F7EE14CAB537F2A138FCC700775CE4E2B985142B2AF3BC5FE7A0C2D3734FFC7A36E7BBA92CA281100296BEDECC90048B523E318D9
                                    Malicious:false
                                    C:\Users\user\Documents\DUUDTUBZFW\EWZCVGNOWT.png
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.840144197938492
                                    Encrypted:false
                                    SSDEEP:24:4DVVmPE1KIzCDemUD6LdsF70scTf+hhRhgnTh1THwdEA/NuQK:47mBIzCe8DiMnHwur
                                    MD5:FBA589D2D088FA5890CC9F2D05921CE5
                                    SHA1:7A420A11BC10D1F56FFC8082D85624706D609E77
                                    SHA-256:38F0712B11E93A8ECC026B4EECBDA6D42CDD23219FF452F40583D766CC185EF9
                                    SHA-512:66CE6A629515BA106EBA9634D24621BFB0B749063C464516C03FF0F06A90DE3A65B7FDF9F57B62C714CE09016F4A35866F4B1E79A6E5A642FD2E883C61E47AEE
                                    Malicious:false
                                    C:\Users\user\Documents\DUUDTUBZFW\GIGIYTFFYT.mp3
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.812033972638466
                                    Encrypted:false
                                    SSDEEP:24:44nfo1LksAD5IM7wMbgNZs/MUGQb4AyznUii0iI39qt5anE93/W755XEA/NuQV:44nsAsAD5IL7w/1w5ng0ieqCeQ5CU
                                    MD5:A961432931666A911D0288817A9A8C21
                                    SHA1:BDC2A68C9622C88E6C24AF0A1B857E87324657FB
                                    SHA-256:E3823D15264A28F7FF50407F3A8C2483C7D96B6227020A8137183A0B53F38C1C
                                    SHA-512:99081F8AF2D38CC7E36FA88026B9E50DD3595B8C7C591DD23535E6E3146BCE94F982BD6DE78F3827DD49E3ECFA74AAE69CB5C4E03D138E582187C7189C70B1F3
                                    Malicious:false
                                    C:\Users\user\Documents\DUUDTUBZFW\ZGGKNSUKOP.pdf
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.854876612225098
                                    Encrypted:false
                                    SSDEEP:24:jQuick0GefplWZTaL5qahY6ym8VFah9J9EA/NuQ8xns:viHnw/WZTgom8VFah9gVns
                                    MD5:77EAAB2C6BD615D4D020A0111F91F3CE
                                    SHA1:54A1E82C943B98713E8637B926B58A1E07BDDE35
                                    SHA-256:34C036E5E002540E1E2814D7B4AB2E07383E8CC1EFC8B5E3833F88DE1605DAD5
                                    SHA-512:FEFE319B1D936C40E1D2DC7E97B94CB2A2F4316BB4890D26C9614EEF222D5F4F29014EC3E3EAEFAE6FF2E1DF9E705204B194FC907F081EA56C178F083394E242
                                    Malicious:false
                                    C:\Users\user\Documents\DUUDTUBZFW\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\user\Documents\EIVQSAOTAQ.jpg
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.830925806624931
                                    Encrypted:false
                                    SSDEEP:24:AofAbEURrk8xorbdryIA7DueGAdJWCrB1hZ4+iWWxweGSI4JEA/NuQmV:b0tRoBbQIA2or/rv6weGS7iRV
                                    MD5:6621A6108BFAEDEDE2D0893E7911B863
                                    SHA1:740783A09A2E2014291BC5DF5F6C7888485ECE18
                                    SHA-256:7E29BE762039F6D8AC5AA83E1D03FA2DD17924C8AACC6FC97CA94EF2C95852FC
                                    SHA-512:1D1742E60809D62D7F11D5240970E82EFBD7D2F38B03AA3E280C565E39C2A5A769553BC0C769A8865DEC094FD23C7C82AEC71BEEA72BB5DA3679FA88216AAFAB
                                    Malicious:false
                                    C:\Users\user\Documents\EIVQSAOTAQ.xlsx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.839746891517541
                                    Encrypted:false
                                    SSDEEP:24:jpEWdOjUsBDAz8nrFbUy2xx+z7uJvYuPTEA/NuQ2gGh:rOjZAz8rFbUy2xoz7uJvYuPYj
                                    MD5:BB8EE3B50A2AD6E65A6FCF3104FC12EE
                                    SHA1:A677AAE45927CCC86D66BDDC9DF39393B7C2CE38
                                    SHA-256:EEC2EEA1D1BE36462273EA60F06E16CE500232B1F5468B8F897F53E1817F4659
                                    SHA-512:A90598F01E6B2F38D7EDC0E2F730F863788C2C6C7D32B9BEDC46C0056977B883CDD4A1914A0C3E32AE03B8A1508FBBB18C21AD9BBAF7E293EA7D631CAEA50F5C
                                    Malicious:false
                                    C:\Users\user\Documents\EOWRVPQCCS.docx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.831229060048701
                                    Encrypted:false
                                    SSDEEP:24:JSq46NhJExI+yBdpQMPRcIVqX43UjdjtzEA/NuQYlXzNtP:sT6N4qvt9PRceqXwUjdx4VtzNtP
                                    MD5:494982473754D08CB2FD31A0D636698E
                                    SHA1:31CE960A92C2E919EFF446EB4EB661BC296F4239
                                    SHA-256:B0F3B31D89D3BC6488D0D5C9BC4273EDD959C1F7F1AF9B5DC6490C67E8F6928F
                                    SHA-512:2E7BF540AD185C9EF54FFB35E743591D3E13D2B8E402154E51DD91FA1C8526FE99230298ECC777E0124E38B888615DD827CE414DC47943BA9C0D8E043B669EC0
                                    Malicious:false
                                    C:\Users\user\Documents\EOWRVPQCCS.xlsx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.836869072585811
                                    Encrypted:false
                                    SSDEEP:24:KpedM2EbcOaxMz0py+ZPcrhYHcZxPE3X6eH50DEA/NuQKg8CR:oz28cQzEyuENYH8xPEfH2IzxCR
                                    MD5:468B6E60556D4FE527F3832DC40C7DB6
                                    SHA1:C0C029699D0A8C68508F6FC3B4741CF3E367726F
                                    SHA-256:2369D4DF3F76D733A014071B05ED332A90050A9D28A58A7F6735BEED01710C23
                                    SHA-512:4B8977B325D8A5C4C8FA5CC0F304706DD1D4B6964D1A519FDBEF10E48FA81A487A2A29C8494AA5C66B627ED8D8C95AAD04C2453B31A0503D14BD3F300E5C764E
                                    Malicious:false
                                    C:\Users\user\Documents\EOWRVPQCCS\EIVQSAOTAQ.xlsx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.837949422156013
                                    Encrypted:false
                                    SSDEEP:24:burQ31Xgq/I0W2PBCGrDKeeQpVXRC0wlJgooXxMDO7NkhdtzWEA/NuQfd:AiVS0pPBFSPQpKlhoBTkRzvs
                                    MD5:5B3376FBF073DFBBD192C5A9CB69B9E3
                                    SHA1:F3A48755842D23EF651A49FD5BD5E44B0D3F1B4E
                                    SHA-256:22D828F512B2B1B806B96172AF7F66471D1E1777B02D401A9E8469A2A7C0B75C
                                    SHA-512:C421BE7154C7CB4C6603C7013A278FCEE0EB7D3D53372D246DECE2BB2C763A318E9700372AA8ABBF0656E1DEE4DC66FBA5CC1BB89C9521FA78727216C96FE732
                                    Malicious:false
                                    C:\Users\user\Documents\EOWRVPQCCS\EOWRVPQCCS.docx
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.837282717751052
                                    Encrypted:false
                                    SSDEEP:24:GMqkfFnufxxPMkRiPxuCz72Jj8338oc98g9w4LpzcolCHvUEA/NuQ37p:fFnupxPfYP0TBagtL3lCBw
                                    MD5:591FF89BEACCDF20D2F9FA027CDB6A8C
                                    SHA1:628C4528512E76A587EFF16BF482DF2B9BCB8B2F
                                    SHA-256:058CDFA3BA3AC7978F42B372ADC25CCFBD29CBD4C0E1D2B6C67ABC44FD00A259
                                    SHA-512:01CF75B580595CDE1F063A32382A2C2A6F8F5F27E084AAA6FBB85AD13B755C7B217D261BC32C6288CC56D08BA624FCBA212C7D112D18C9F8E2B8CFCE04A0A6CA
                                    Malicious:false
                                    C:\Users\user\Documents\EOWRVPQCCS\GIGIYTFFYT.pdf
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.859218952944182
                                    Encrypted:false
                                    SSDEEP:24:QH8xtx9oTP0f4ojELP5tGOduhNDoZeChtges32nKiGQDeDWX6mPEA/NuQo386:QH8V9uPl+0P5tZmNEgCtXA2nKiGAeDWg
                                    MD5:E4E6414BD6E162257BD57BCFC0E73A70
                                    SHA1:1F4519C95C0937D09DFA64523C2B470009637E57
                                    SHA-256:BFB4B54E13D77110741A5A6EE85C328F5D1A3F93A841BD59F895AFDFA3991126
                                    SHA-512:2D389EB22A2BCF6D77636DBDCFF93012471F03C5A94B362A8B670CD5B59E722BD7B1847056D0993CCA1CF318020433102F07D919805C95200F0A3BD155CDC05C
                                    Malicious:false
                                    C:\Users\user\Documents\EOWRVPQCCS\QCOILOQIKC.png
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.845556249144181
                                    Encrypted:false
                                    SSDEEP:24:tFwLHu3ydjZIDGApbsZ4owJHIkE3VP8+3yE6Pl/It/8bGl2WQWsEA/NuQ/M:vwLHucjwuZ4oAwO+nQVYUmOM
                                    MD5:96BC75F0AB34774D6C1FDCAC172D4074
                                    SHA1:F3E8BFD640088128F4AADAB6CF22E47466554D67
                                    SHA-256:14AB8B1A1EA09E60D40D577513DC13EEE46A04C4CCDC174BD598ECFDB326900E
                                    SHA-512:04D5F946B7C6B99A264109A452E8E0288B59C70D0DE034386C69A04ECDFFE704E93F6F862E78A45DFFEA496AD4D9C975EBC9709DF2A6BAEA0E16D43F5DD0A261
                                    Malicious:false
                                    C:\Users\user\Documents\EOWRVPQCCS\TQDFJHPUIU.jpg
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.858981027340522
                                    Encrypted:false
                                    SSDEEP:24:aRRHNaoOpclTsZaa+g+Vs5lgll0o25luSpN/9dpEJrQChNnu+i9EA/NuQRMQ17:aRRsoIWoZKg+jluoDM/r6rFruKc7
                                    MD5:1B2AEA4067A598C1AF6BA0DA9D74F3AB
                                    SHA1:AB448206AC4D361A502F7AC6780D96B198B5456C
                                    SHA-256:ADF0A5A93194F53FB4766D82FE836FB55CFF15889B1AA017026DF36B556E7558
                                    SHA-512:81E213A7F1ED0D8AA489B2F663285CFE17034C0DF05F9E52F052203D8AAAB5DBE77CA5B4C245F101F1FD01B214E6A414404706B7F7A47EB65C89B5A817176A59
                                    Malicious:false
                                    C:\Users\user\Documents\EOWRVPQCCS\ZIPXYXWIOY.mp3
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.841878395225606
                                    Encrypted:false
                                    SSDEEP:24:wzVRDdr6rmZVQ5fbnsLoPPGC5IreFpTbC2b+c7RVBAoHdEA/NuQJvx:wRRJvy5jrmmpLH9EoOwZ
                                    MD5:9E78ABEFF52EE27BE401E9DDEF6F50A2
                                    SHA1:11BC24593D9964216739946FDF538D0B7F77657C
                                    SHA-256:0C57A99AA522AF2F095F051A8901D664025A8AECE38182FFC42E03F2D3DCBE89
                                    SHA-512:7DED53A6823C40D919BCD21430B6E041B3D7193C99C73B373560BA12188E8DABBFA272EC6CB28AC7430ED82981C86A77B7EA16A430195B2C3C1AF339C81241B0
                                    Malicious:false
                                    C:\Users\user\Documents\EOWRVPQCCS\y97fy-readme.txt
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6934
                                    Entropy (8bit):3.870905813903548
                                    Encrypted:false
                                    SSDEEP:96:GLtiNsQNxU3TPPIWl0mtib28iN9yin44JI/M9gkyd9Pr+5u:GLtb3jP70mMyB9yH4JIE9jSDx
                                    MD5:16E07735A7458D6EEBD4AEC2E9A9AD5D
                                    SHA1:506057B2CCC10A495929471BECE0EC34D4B636C7
                                    SHA-256:5709784D2706C3522E16C1B89599ACDFD5831C2B33C3804E501DCFE0904688D8
                                    SHA-512:7DEFDCBF73BDD7E5BF72C746572ED365AF894553E0BA0BF196894697DA43BF0D7E3CA7DA959ADE81E61F2DA4F7496F7801ECE10FFDCEF9A4BCBD2C29BA18A69E
                                    Malicious:false
                                    Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension y97fy. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody w
                                    C:\Users\user\Documents\EWZCVGNOWT.png
                                    Process:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1258
                                    Entropy (8bit):7.845088613331077
                                    Encrypted:false
                                    SSDEEP:24:U9IqNXz3c1qMzeHqtDdPQM0dCrqr+Wzwg6jaEA/NuQO10:0IqtzSFyHNM0dWWzwXfC
                                    MD5:37DCBA2ABF38A9AEA6ECF0913E2A6690
                                    SHA1:D52EA8379327E19281896EC3333D27BFDAAFBA4E
                                    SHA-256:F0A185F04FEA43EA18A6C9FF421B58C26546D1C14F212F9FE43B6D88840C9C5E
                                    SHA-512:B917AB4EDFDC1775830BDA53C23DEB5AD71D3A25B5B651D11C22F2C377EC741E0C290C72C58C751D82A666B241B340DBBAD3B8380510F4ED72FFF2D79643F7A1
                                    Malicious:false

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Entropy (8bit):6.572013798805503
                                    TrID:
                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                    • DOS Executable Generic (2002/1) 0.02%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:c647b2da_by_Libranalysis.exe
                                    File size:119296
                                    MD5:c647b2da83ef8e1a790d1e0e25898780
                                    SHA1:02871c02e581ad345f1c438b6c8c730cf2d2f534
                                    SHA256:6c5ddbe058da35b2731fe10234520a6bb78604f860ed4188a1bd07e62fe4ec11
                                    SHA512:f169ebc4ffbb3d0cf8f526e0cde89706b4521086ccb0f7653cd881b595aae2727891e8ea3eb6bace263d704b0ef9a0151094c03b7c1800cb5d4e54eaaf3453e7
                                    SSDEEP:1536:/Ilhrm++mJ0eYjT7LUrACph77pS2i/ICS4Anv++nUSAXvzSPe0+WMpi1NjJiBty:bfcrh7tJFLUdAj11Ji
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............[...[...[...Z...[...Z...[...Z...[\d.[...[\d.[...[...[...[\d.[...[...Z...[...Z...[Rich...[................PE..L...8SY_...

                                    File Icon

                                    Icon Hash:00828e8e8686b000

                                    General

                                    Entrypoint:0x404132
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                    DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE
                                    Time Stamp:0x5F595338 [Wed Sep 9 22:12:08 2020 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:5
                                    OS Version Minor:1
                                    File Version Major:5
                                    File Version Minor:1
                                    Subsystem Version Major:5
                                    Subsystem Version Minor:1
                                    Import Hash:51cbf4b0582030975a5fc6e5d582538b
                                    Instruction
                                    push 00000000h
                                    call 00007F2344B75296h
                                    push 00000000h
                                    call 00007F2344B75B7Ah
                                    pop ecx
                                    ret
                                    push ebp
                                    mov ebp, esp
                                    sub esp, 2Ch
                                    lea eax, dword ptr [ebp-2Ch]
                                    push esi
                                    push eax
                                    push 00000018h
                                    pop esi
                                    push esi
                                    push dword ptr [ebp+08h]
                                    call dword ptr [0041108Ch]
                                    test eax, eax
                                    je 00007F2344B754A6h
                                    mov eax, dword ptr [ebp-1Ah]
                                    imul eax, dword ptr [ebp-1Ch]
                                    push ebx
                                    push edi
                                    xor edi, edi
                                    inc edi
                                    movzx eax, ax
                                    cmp ax, di
                                    jne 00007F2344B75316h
                                    mov ebx, edi
                                    jmp 00007F2344B75338h
                                    push 00000004h
                                    pop ebx
                                    cmp ax, bx
                                    jbe 00007F2344B75330h
                                    push 00000008h
                                    pop ebx
                                    cmp ax, bx
                                    jbe 00007F2344B75328h
                                    push 00000010h
                                    pop ebx
                                    cmp ax, bx
                                    jbe 00007F2344B75320h
                                    cmp ax, si
                                    jnbe 00007F2344B75318h
                                    mov ebx, esi
                                    push 00000028h
                                    jmp 00007F2344B75323h
                                    push 00000020h
                                    pop ebx
                                    mov eax, edi
                                    mov cl, bl
                                    shl eax, cl
                                    lea eax, dword ptr [00000028h+eax*4]
                                    push eax
                                    push 00000040h
                                    call dword ptr [0041109Ch]
                                    mov esi, eax
                                    push 00000018h
                                    mov dword ptr [esi], 00000028h
                                    mov eax, dword ptr [ebp-28h]
                                    mov dword ptr [esi+04h], eax
                                    mov eax, dword ptr [ebp-24h]
                                    mov dword ptr [esi+08h], eax
                                    mov ax, word ptr [ebp-1Ch]
                                    mov word ptr [esi+0Ch], ax
                                    mov ax, word ptr [ebp-1Ah]
                                    mov word ptr [esi+0Eh], ax
                                    pop eax
                                    cmp bx, ax
                                    jnc 00007F2344B75319h
                                    mov cl, bl
                                    shl edi, cl
                                    mov dword ptr [esi+20h], edi
                                    mov eax, dword ptr [esi+04h]
                                    xor edi, edi
                                    add eax, 07h
                                    movzx ecx, bx
                                    cdq
                                    and edx, 07h
                                    mov dword ptr [esi+00h], edi
                                    Programming Language:
                                    • [LNK] VS2015 UPD3.1 build 24215
                                    • [ C ] VS2015 UPD3.1 build 24215
                                    Name                                  Virtual Address  Virtual Size  Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT          0xfc00           0x50          .rdata
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC       0x1f000          0x67c         .reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_IAT             0xd000           0x38          .rdata
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                    .text | 0x1000 | 0xb1d4 | 0xb200 | False | 0.577203300562 | data | 6.55872143942 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .rdata | 0xd000 | 0x2d32 | 0x2e00 | False | 0.672639266304 | data | 7.81370312055 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .data | 0x10000 | 0x1f98 | 0x1e00 | False | 0.872395833333 | data | 7.39252711758 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                    .cfg | 0x12000 | 0xc800 | 0xc800 | False | 0.5702734375 | data | 5.50158276777 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                    .reloc | 0x1f000 | 0x67c | 0x800 | False | 0.72021484375 | data | 5.93627126096 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                    DLL | Import
                                    KERNEL32.dll | lstrlenW, SetErrorMode, VerSetConditionMask, CloseHandle, GetExitCodeProcess, VerifyVersionInfoW
                                    USER32.dll | MessageBoxW, wsprintfW
                                    OLEAUT32.dll | VariantClear, VariantInit

                                    Network Behavior

                                    Network Port Distribution

                                    • Total Packets: 71
                                    • 443 (HTTPS)
                                    • 53 (DNS)
                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                    May 3, 2021 20:03:42.219316006 CEST | 192.168.2.5 | 8.8.8.8 | 0xa05d | Standard query (0) | quemargrasa.net | A (IP address) | IN (0x0001)
                                    May 3, 2021 20:03:43.191808939 CEST | 192.168.2.5 | 8.8.8.8 | 0x8276 | Standard query (0) | wraithco.com | A (IP address) | IN (0x0001)
                                    May 3, 2021 20:04:04.302891016 CEST | 192.168.2.5 | 8.8.8.8 | 0xe972 | Standard query (0) | dubnew.com | A (IP address) | IN (0x0001)
                                    May 3, 2021 20:04:06.136522055 CEST | 192.168.2.5 | 8.8.8.8 | 0x85ad | Standard query (0) | zweerscreatives.nl | A (IP address) | IN (0x0001)
                                    May 3, 2021 20:04:07.067534924 CEST | 192.168.2.5 | 8.8.8.8 | 0xd34b | Standard query (0) | eaglemeetstiger.de | A (IP address) | IN (0x0001)
                                    May 3, 2021 20:04:10.082936049 CEST | 192.168.2.5 | 8.8.8.8 | 0x7913 | Standard query (0) | highimpactoutdoors.net | A (IP address) | IN (0x0001)
                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                    May 3, 2021 20:03:42.403294086 CEST | 8.8.8.8 | 192.168.2.5 | 0xa05d | No error (0) | quemargrasa.net | | 108.179.242.122 | A (IP address) | IN (0x0001)
                                    May 3, 2021 20:03:43.259711027 CEST | 8.8.8.8 | 192.168.2.5 | 0x8276 | No error (0) | wraithco.com | | 216.55.169.119 | A (IP address) | IN (0x0001)
                                    May 3, 2021 20:04:04.483977079 CEST | 8.8.8.8 | 192.168.2.5 | 0xe972 | No error (0) | dubnew.com | | 204.11.56.48 | A (IP address) | IN (0x0001)
                                    May 3, 2021 20:04:06.198676109 CEST | 8.8.8.8 | 192.168.2.5 | 0x85ad | No error (0) | zweerscreatives.nl | | 141.138.168.129 | A (IP address) | IN (0x0001)
                                    May 3, 2021 20:04:07.134623051 CEST | 8.8.8.8 | 192.168.2.5 | 0xd34b | No error (0) | eaglemeetstiger.de | | 188.68.47.33 | A (IP address) | IN (0x0001)
                                    May 3, 2021 20:04:10.585884094 CEST | 8.8.8.8 | 192.168.2.5 | 0x7913 | No error (0) | highimpactoutdoors.net | | 72.52.245.6 | A (IP address) | IN (0x0001)
                                    Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
                                    May 3, 2021 20:03:42.773155928 CEST | 108.179.242.122 | 443 | 192.168.2.5 | 49720 | CN=*.hostgator.com | CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB | Thu Sep 03 02:00:00 CEST 2020 | Sat Sep 04 01:59:59 CEST 2021 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0 | ce5f3254611a8c095a3d821d44539877
                                     | | | | | CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB | CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US | Fri Nov 02 01:00:00 CET 2018 | Wed Jan 01 00:59:59 CET 2031 | |
                                     | | | | | CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US | CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB | Tue Mar 12 01:00:00 CET 2019 | Mon Jan 01 00:59:59 CET 2029 | |
                                    May 3, 2021 20:04:06.317043066 CEST | 141.138.168.129 | 443 | 192.168.2.5 | 49724 | CN=www.zweerscreatives.nl | CN=R3, O=Let's Encrypt, C=US | Wed Mar 31 00:37:16 CEST 2021 | Tue Jun 29 00:37:16 CEST 2021 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0 | ce5f3254611a8c095a3d821d44539877
                                     | | | | | CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 | |
                                    May 3, 2021 20:04:07.239320040 CEST | 188.68.47.33 | 443 | 192.168.2.5 | 49726 | CN=eaglemeetstiger.de | CN=R3, O=Let's Encrypt, C=US | Sat Apr 03 06:58:04 CEST 2021 | Fri Jul 02 06:58:04 CEST 2021 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0 | ce5f3254611a8c095a3d821d44539877
                                     | | | | | CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 | |

                                    Code Manipulations

                                    Statistics

                                    Behavior

                                    System Behavior

                                    Start time:20:02:05
                                    Start date:03/05/2021
                                    Path:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe'
                                    Imagebase:0x1190000
                                    File size:119296 bytes
                                    MD5 hash:C647B2DA83EF8E1A790D1E0E25898780
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Source: 00000001.00000000.236641692.0000000001191000.00000020.00020000.sdmp, Author: Florian Roth
                                    • Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Source: 00000001.00000002.504853514.0000000001191000.00000020.00020000.sdmp, Author: Florian Roth
                                    • Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000001.00000003.236999216.0000000002B1F000.00000004.00000040.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000001.00000003.236930717.0000000002B1F000.00000004.00000040.sdmp, Author: Joe Security
                                    Reputation:low

                                    Start time:20:03:19
                                    Start date:03/05/2021
                                    Path:C:\Windows\System32\wbem\unsecapp.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                    Imagebase:0x7ff797770000
                                    File size:48640 bytes
                                    MD5 hash:9CBD3EC8D9E4F8CE54258B0573C66BEB
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate

                                    Start time:20:03:29
                                    Start date:03/05/2021
                                    Path:C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\Desktop\c647b2da_by_Libranalysis.exe'
                                    Imagebase:0x1190000
                                    File size:119296 bytes
                                    MD5 hash:C647B2DA83EF8E1A790D1E0E25898780
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000016.00000003.419064477.000000000304F000.00000004.00000040.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000016.00000003.418914620.000000000304F000.00000004.00000040.sdmp, Author: Joe Security
                                    • Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Source: 00000016.00000000.417930502.0000000001191000.00000020.00020000.sdmp, Author: Florian Roth
                                    • Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Source: 00000016.00000002.427975755.0000000001191000.00000020.00020000.sdmp, Author: Florian Roth
                                    Reputation:low

                                    Disassembly

                                    Code Analysis