Analysis Report gVz4ueFL8n.bin

Overview

General Information

Sample Name: gVz4ueFL8n.bin (renamed file extension from bin to exe)
Analysis ID: 321427
MD5: 0e285f30f30dedd812295d2408f4b84c
SHA1: 24e8a7a0b9fdf929e6cc4b52b0470bf4f7b6f244
SHA256: d91f951bdcf35012ac6b47c28cf32ec143e4269243d8c229f6cb326fd343df95
Tags: Revil sodinokibi

Detection

Sodinokibi
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Found ransom note / readme
Multi AV Scanner detection for submitted file
Yara detected Sodinokibi Ransomware
Contains functionality to detect sleep reduction / modifications
Found Tor onion address
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to delete services
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to enumerate running services
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • gVz4ueFL8n.exe (PID: 5916 cmdline: 'C:\Users\user\Desktop\gVz4ueFL8n.exe' MD5: 0E285F30F30DEDD812295D2408F4B84C)
  • unsecapp.exe (PID: 5364 cmdline: C:\Windows\system32\wbem\unsecapp.exe -Embedding MD5: 9CBD3EC8D9E4F8CE54258B0573C66BEB)
  • cleanup

Malware Configuration

Threatname: Sodinokibi

{"prc": ["firefox", "oracle", "visio", "xfssvccon", "steam", "winword", "mspub", "isqlplussvc", "ocssd", "ocautoupds", "mydesktopqos", "outlook", "dbeng50", "sql", "agntsvc", "tbirdconfig", "encsvc", "thebat", "synctime", "onenote", "mydesktopservice", "thunderbird", "excel", "powerpnt", "dbsnmp", "sqbcoreservice", "ocomm", "infopath", "wordpad", "msaccess"], "sub": "5891", "svc": ["veeam", "vss", "backup", "sophos", "svc$", "mepocs", "memtas", "sql"], "wht": {"ext": ["msc", "mpa", "hta", "ani", "themepack", "com", "ps1", "icl", "dll", "ldf", "ocx", "lnk", "theme", "nls", "386", "cmd", "wpx", "diagcfg", "cur", "prf", "ico", "nomedia", "sys", "bat", "exe", "deskthemepack", "spl", "shs", "hlp", "rtp", "msp", "scr", "ics", "key", "msstyles", "mod", "cab", "diagcab", "adv", "rom", "drv", "bin", "msi", "idx", "cpl", "diagpkg", "msu", "icns", "lock"], "fls": ["boot.ini", "bootsect.bak", "bootfont.bin", "ntuser.ini", "iconcache.db", "ntuser.dat.log", "desktop.ini", "autorun.inf", "thumbs.db", "ntuser.dat", "ntldr"], "fld": ["system volume information", "program files (x86)", "mozilla", "application data", "windows.old", "msocache", "appdata", "$recycle.bin", "$windows.~ws", "program files", "windows", "programdata", "google", "tor browser", "perflogs", "boot", "intel", "$windows.~bt"]}, "img": "QQBsAGwAIABvAGYAIAB5AG8AdQByACAAZgBpAGwAZQBzACAAYQByAGUAIABlAG4AYwByAHkAcAB0AGUAZAAhAA0ACgANAAoARgBpAG4AZAAgAHsARQBYAFQAfQAtAHIAZQBhAGQAbQBlAC4AdAB4AHQAIABhAG4AZAAgAGYAbwBsAGwAbwB3ACAAaQBuAHMAdAB1AGMAdABpAG8AbgBzAAAA", "dbg": false, "pid": "$2a$10$hIPnYTfL4yAd01j./DIPs.Tdwq.QURm2fbUM4pQFInKQ45tak6xW6", "et": 0, "wipe": true, "wfld": ["backup"], "rdmcnt": 0, "nname": "{EXT}-readme.txt", "pk": "PcGaG/OPoFiNzu1LUC2Qhz905YYQChX9SFo+MuXEV2M=", "net": false, "exp": false, "arn": false}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
gVz4ueFL8n.exe | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
  • 0x4d44:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x99c6:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0x9fb2:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x91eb:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x99b5:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000003.202573050.00000000031CF000.00000004.00000040.sdmp | JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security
00000000.00000003.202518189.00000000031CF000.00000004.00000040.sdmp | JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security
00000000.00000002.421931885.0000000000DC1000.00000020.00020000.sdmp | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
      • 0x4944:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
      • 0x95c6:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
      • 0x9bb2:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
      • 0x8deb:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
      • 0x95b5:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
00000000.00000000.202262320.0000000000DC1000.00000020.00020000.sdmp | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
      • 0x4944:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
      • 0x95c6:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
      • 0x9bb2:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
      • 0x8deb:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
      • 0x95b5:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
Process Memory Space: gVz4ueFL8n.exe PID: 5916 | JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security

        Unpacked PEs

        Source | Rule | Description | Author | Strings
        0.2.gVz4ueFL8n.exe.dc0000.1.unpack | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
        • 0x4d44:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
        • 0x99c6:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
        • 0x9fb2:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
        • 0x91eb:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
        • 0x99b5:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
        0.0.gVz4ueFL8n.exe.dc0000.0.unpack | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
        • 0x4d44:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
        • 0x99c6:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
        • 0x9fb2:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
        • 0x91eb:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
        • 0x99b5:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F

        Sigma Overview

        No Sigma rule has matched

        Signature Overview

        AV Detection:

        Antivirus / Scanner detection for submitted sample
        Source: gVz4ueFL8n.exe, Avira: detected
        Found malware configuration
        Source: gVz4ueFL8n.exe.5916.0.memstr, Malware Configuration Extractor: Sodinokibi
        Multi AV Scanner detection for submitted file
        Source: gVz4ueFL8n.exeVirustotal: Detection: 69%
        Source: gVz4ueFL8n.exeMetadefender: Detection: 48%
        Source: gVz4ueFL8n.exeReversingLabs: Detection: 72%
        Machine Learning detection for sample
        Source: gVz4ueFL8n.exeJoe Sandbox ML: detected
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC549C CryptAcquireContextW,CryptGenRandom,
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC5D90 CryptBinaryToStringW,CryptBinaryToStringW,
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC5D2F CryptStringToBinaryW,CryptStringToBinaryW,
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: z:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: x:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: v:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: t:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: r:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: p:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: n:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: l:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: j:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: h:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: f:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: d:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: b:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: y:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: w:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: u:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: s:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: q:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: o:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: m:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: k:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: i:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: g:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: e:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: c:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile opened: a:
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC766A FindFirstFileExW,FindFirstFileW,FindNextFileW,FindClose,

        Networking:

        Found Tor onion address
        Source: gVz4ueFL8n.exe, 00000000.00000003.421781625.00000000031DA000.00000004.00000040.sdmpString found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/44BE4C1AA85AD2C1
        Source: gVz4ueFL8n.exe, 00000000.00000003.377775643.00000000031EF000.00000004.00000040.sdmpString found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
        Source: 3pp6h54-readme.txt34.0.drString found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/44BE4C1AA85AD2C1
        Source: gVz4ueFL8n.exe, 00000000.00000003.377775643.00000000031EF000.00000004.00000040.sdmpString found in binary or memory: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/
        Source: gVz4ueFL8n.exe, 00000000.00000003.421781625.00000000031DA000.00000004.00000040.sdmp, 3pp6h54-readme.txt34.0.drString found in binary or memory: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/44BE4C1AA85AD2C1
        Source: gVz4ueFL8n.exe, 00000000.00000003.377775643.00000000031EF000.00000004.00000040.sdmpString found in binary or memory: http://decryptor.cc/
        Source: gVz4ueFL8n.exe, 00000000.00000003.421781625.00000000031DA000.00000004.00000040.sdmp, 3pp6h54-readme.txt34.0.drString found in binary or memory: http://decryptor.cc/44BE4C1AA85AD2C1
        Source: gVz4ueFL8n.exe, 00000000.00000003.421781625.00000000031DA000.00000004.00000040.sdmp, 3pp6h54-readme.txt34.0.drString found in binary or memory: https://torproject.org/

        Spam, unwanted Advertisements and Ransom Demands:

        Found ransom note / readme
        Source: C:\3pp6h54-readme.txtDropped file: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/44BE4C1AA85AD2C1 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.cc/44BE4C1AA85AD2C1 Warning: secondary website can be blocked, thats why first variant much b
        Yara detected Sodinokibi Ransomware
        Source: Yara matchFile source: 00000000.00000003.202573050.00000000031CF000.00000004.00000040.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000003.202518189.00000000031CF000.00000004.00000040.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: gVz4ueFL8n.exe PID: 5916, type: MEMORY
        Modifies existing user documents (likely ransomware behavior)
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile moved: C:\Users\user\Desktop\QNCYCDFIJJ.pdf
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile deleted: C:\Users\user\Desktop\QNCYCDFIJJ.pdf
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile moved: C:\Users\user\Desktop\QNCYCDFIJJ\QNCYCDFIJJ.docx
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile deleted: C:\Users\user\Desktop\QNCYCDFIJJ\QNCYCDFIJJ.docx
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile moved: C:\Users\user\Desktop\QCFWYSKMHA\EEGWXUHVUG.pdf
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC3B6E OpenSCManagerW,EnumServicesStatusExW,RtlGetLastWin32Error,CloseServiceHandle,CloseServiceHandle,EnumServicesStatusExW,OpenServiceW,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DCB7A2
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC8AF8
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC85D5
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC8377
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DCAB0D
        Source: gVz4ueFL8n.exe, 00000000.00000002.421914322.0000000000D70000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamempr.dll.muij% vs gVz4ueFL8n.exe
        Source: gVz4ueFL8n.exe, type: SAMPLEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 00000000.00000002.421931885.0000000000DC1000.00000020.00020000.sdmp, type: MEMORYMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 00000000.00000000.202262320.0000000000DC1000.00000020.00020000.sdmp, type: MEMORYMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 0.2.gVz4ueFL8n.exe.dc0000.1.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 0.0.gVz4ueFL8n.exe.dc0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: classification engineClassification label: mal96.rans.evad.winEXE@2/207@0/0
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC4CD4 GetDriveTypeW,GetDiskFreeSpaceExW,
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC5425 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\program files\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeMutant created: \Sessions\1\BaseNamedObjects\Global\C67C4A76-40FA-FD1C-B814-F8203DB0F283
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: C:\Users\user\AppData\Local\Temp\539.bmp
        Source: gVz4ueFL8n.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: gVz4ueFL8n.exeVirustotal: Detection: 69%
        Source: gVz4ueFL8n.exeMetadefender: Detection: 48%
        Source: gVz4ueFL8n.exeReversingLabs: Detection: 72%
        Source: unknownProcess created: C:\Users\user\Desktop\gVz4ueFL8n.exe 'C:\Users\user\Desktop\gVz4ueFL8n.exe'
        Source: unknownProcess created: C:\Windows\System32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeDirectory created: c:\program files\3pp6h54-readme.txt
        Source: gVz4ueFL8n.exeStatic PE information: section name: .axh
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DD30F8 pushfd ; ret
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: C:\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\program files\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\program files (x86)\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\recovery\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\program files (x86)\microsoft sql server\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\default\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\public\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\program files (x86)\microsoft sql server\110\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\default\desktop\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\default\documents\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\default\downloads\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\default\favorites\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\default\links\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\default\music\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\default\pictures\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\default\saved games\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\default\videos\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\3d objects\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\contacts\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\downloads\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\favorites\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\links\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\music\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\onedrive\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\pictures\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\recent\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\saved games\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\searches\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\videos\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\public\accountpictures\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\public\desktop\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\public\documents\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\public\downloads\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\public\libraries\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\public\music\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\public\pictures\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\public\videos\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\program files (x86)\microsoft sql server\110\shared\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\bnagmgsplo\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\czqksddmwr\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\eowrvpqccs\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\klizusiqen\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\lijdsfkjzg\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\palrgucveh\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\pivfageaav\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\pwccawlgre\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\qcfwyskmha\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\qcoiloqikc\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\qncycdfijj\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\desktop\zqixmvqgah\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\bnagmgsplo\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\czqksddmwr\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\eowrvpqccs\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\gaobcviqij\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\klizusiqen\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\lijdsfkjzg\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\palrgucveh\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\pwccawlgre\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\qcfwyskmha\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\qcoiloqikc\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\qncycdfijj\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\documents\sqsjkebwdt\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\favorites\links\3pp6h54-readme.txt
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile created: c:\users\user\pictures\camera roll\3pp6h54-readme.txt

        Malware Analysis System Evasion:

        Contains functionality to detect sleep reduction / modifications
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC595D
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC58B3 rdtsc
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: OpenSCManagerW,EnumServicesStatusExW,RtlGetLastWin32Error,CloseServiceHandle,CloseServiceHandle,EnumServicesStatusExW,OpenServiceW,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeWindow / User API: threadDelayed 9999
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exe TID: 5920Thread sleep count: 9999 > 30
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeFile Volume queried: C:\ FullSizeInformation
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC766A FindFirstFileExW,FindFirstFileW,FindNextFileW,FindClose,
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC53F1 GetSystemInfo,
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeProcess information queried: ProcessInformation
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC58B3 rdtsc
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC5083 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC5408 mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC494C HeapCreate,GetProcessHeap,
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeProcess token adjusted: Debug
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: OpenProcess,QueryFullProcessImageNameW,PathFindFileNameW, svchost.exe
        Source: unsecapp.exe, 00000009.00000002.467619289.000001A3A5C30000.00000002.00000001.sdmpBinary or memory string: Program Manager
        Source: unsecapp.exe, 00000009.00000002.467619289.000001A3A5C30000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
        Source: unsecapp.exe, 00000009.00000002.467619289.000001A3A5C30000.00000002.00000001.sdmpBinary or memory string: Progman
        Source: unsecapp.exe, 00000009.00000002.467619289.000001A3A5C30000.00000002.00000001.sdmpBinary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC4C25 cpuid
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\user\Desktop\gVz4ueFL8n.exeCode function: 0_2_00DC5126 GetUserNameW,

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Replication Through Removable Media1 | Windows Management Instrumentation1 | Windows Service1 | Windows Service1 | Masquerading3 | OS Credential Dumping | Security Software Discovery12 | Replication Through Removable Media1 | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact1
        Default Accounts | Service Execution1 | Boot or Logon Initialization Scripts | Process Injection12 | Virtualization/Sandbox Evasion1 | LSASS Memory | Virtualization/Sandbox Evasion1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Proxy1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection12 | Security Account Manager | Process Discovery3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Peripheral Device Discovery11 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Account Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Owner/User Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Service Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
        Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | File and Directory Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
        Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Information Discovery25 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label
        gVz4ueFL8n.exe | 69% | Virustotal |
        gVz4ueFL8n.exe | 49% | Metadefender |
        gVz4ueFL8n.exe | 73% | ReversingLabs | Win32.Ransomware.Sodinokibi
        gVz4ueFL8n.exe | 100% | Avira | TR/Crypt.XPACK.Gen
        gVz4ueFL8n.exe | 100% | Joe Sandbox ML |

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        Source | Detection | Scanner | Label
        0.0.gVz4ueFL8n.exe.dc0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
        0.2.gVz4ueFL8n.exe.dc0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

        Domains

        No Antivirus matches

        URLs

        Source | Detection | Scanner | Label
        http://decryptor.cc/ | 2% | Virustotal |
        http://decryptor.cc/ | 0% | Avira URL Cloud | safe
        http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/44BE4C1AA85AD2C1 | 0% | Avira URL Cloud | safe
        http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/ | 0% | Avira URL Cloud | safe
        http://decryptor.cc/44BE4C1AA85AD2C1 | 0% | Avira URL Cloud | safe

        Domains and IPs

        Contacted Domains

        No contacted domains info

        URLs from Memory and Binaries

        Name | Source | Malicious | Antivirus Detection | Reputation
        http://decryptor.cc/ | gVz4ueFL8n.exe, 00000000.00000003.377775643.00000000031EF000.00000004.00000040.sdmp | false | 2%, Virustotal; Avira URL Cloud: safe | unknown
        http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/44BE4C1AA85AD2C1 | gVz4ueFL8n.exe, 00000000.00000003.421781625.00000000031DA000.00000004.00000040.sdmp, 3pp6h54-readme.txt34.0.dr | true | Avira URL Cloud: safe | unknown
        http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/ | gVz4ueFL8n.exe, 00000000.00000003.377775643.00000000031EF000.00000004.00000040.sdmp | true | Avira URL Cloud: safe | unknown
        https://torproject.org/ | gVz4ueFL8n.exe, 00000000.00000003.421781625.00000000031DA000.00000004.00000040.sdmp, 3pp6h54-readme.txt34.0.dr | false | | high
        http://decryptor.cc/44BE4C1AA85AD2C1 | gVz4ueFL8n.exe, 00000000.00000003.421781625.00000000031DA000.00000004.00000040.sdmp, 3pp6h54-readme.txt34.0.dr | false | Avira URL Cloud: safe | unknown

          Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox Version:31.0.0 Red Diamond
          Analysis ID:321427
          Start date:22.11.2020
          Start time:02:44:09
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 4m 31s
          Hypervisor based Inspection enabled:false
          Report type:light
          Sample file name:gVz4ueFL8n.bin (renamed file extension from bin to exe)
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:15
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal96.rans.evad.winEXE@2/207@0/0
          EGA Information:Failed
          HDC Information:
          • Successful, ratio: 98.2% (good quality ratio 94.3%)
          • Quality average: 87.1%
          • Quality standard deviation: 24.9%
          HCA Information:Failed
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          Warnings:
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, VSSVC.exe, svchost.exe, UsoClient.exe
          • Created / dropped Files have been reduced to 100
          • Report size getting too big, too many NtOpenKeyEx calls found.

          Simulations

          Behavior and APIs

          No simulations

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASN

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:true
          Reputation:low
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody
          C:\Program Files (x86)\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Program Files (x86)\Microsoft SQL Server\110\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Program Files (x86)\Microsoft SQL Server\110\Shared\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Program Files (x86)\Microsoft SQL Server\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Program Files\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Recovery\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Users\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Users\Default\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Users\Default\Desktop\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Users\Default\Documents\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Users\Default\Downloads\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Users\Default\Favorites\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Users\Default\Links\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Users\Default\Music\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Users\Default\NTUSER.DAT.LOG1
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):57576
          Entropy (8bit):7.996531053929097
          Encrypted:true
          SSDEEP:1536:VNma7YrVh+hSErSIG84dBh2xbWGm9EIp90fNd:vmSYDErG84Lh9Eog
          MD5:5E6877F156E44FE35202E86DB414296A
          SHA1:22B14F3916C0A3EDA9A58453D656B073AF04B3DE
          SHA-256:F06F4AD00C1B019D3A06A24C036A1527A354A6112AFE0E9AFF6CF2411DDD8995
          SHA-512:77F006BA8934701B1E2FD4C1B2F527C243556DEBD2D3CB09E8F0F0FD83F59D814EC3CF75BE0A367F2610C79301BB0E15EDAE36D927FAB9C55ACC47FEDA2A2735
          Malicious:false
          Reputation:low
          C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):65768
          Entropy (8bit):7.997011115701715
          Encrypted:true
          SSDEEP:1536:lxaOmBDVrQc3sv2h4tKyZ2OGAKNBMEOY7SNDkKFaHRhM2:lPmBD9Qc8vG4tF4OG5NBMEOAYDkKFOM2
          MD5:14BCB6A54E547EE01F919ABCDDF69B57
          SHA1:7EA9F3B57160FD138807E42FD3252D727305AD55
          SHA-256:BFB600801372BE22A497B0772B68383CE57174CEE01EC4B0A8BE2B43E60C83F0
          SHA-512:373F813C8DEC06C9DADB45308AEDF97B439BF0CBBA03324AF8B9635272BA8FEB56B8029D0C8D38CFC4A456FEB35296057A9168E5F4E97977BFF99F39F7D18883
          Malicious:false
          Reputation:low
          C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):524520
          Entropy (8bit):7.99963919639652
          Encrypted:true
          SSDEEP:12288:uXdnKmXZrOWHY3l1g5G9Xc1fdqfWHHDvMrOr6O1uz:YlKsZJclnufdqfEjvzb1a
          MD5:1255B3F809FCA6C099510FBC69DBC05A
          SHA1:4D7ECB093A30DCCEE0DE07348D46FA3EA8C4E500
          SHA-256:8DDB71A1DB6E0EC87D30140BBBCCFD77A36A6458FC95C225F25EBCB0D88D0317
          SHA-512:8B16BD9E044061A6084ACDC79D3D70D25085B2D00BADFA40B4424E72E4FEDA20480F34648228025C513F6C563DF31FEF72B9E8FC1C8DE66CDA8EB0A597188A0C
          Malicious:false
          Reputation:low
          C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):524520
          Entropy (8bit):7.999629315528931
          Encrypted:true
          SSDEEP:12288:BV6tyvBWKjS/XQyzGR7HHwMEeTGItTZMnA7kFb5iJ8WHoj:z6typlpyzG5QdeTGItKAa568WHoj
          MD5:1CB5FF6B9A4C5B174BFF717EE7F8A2C6
          SHA1:4BC8C3A98325026866057E61559DE62C11BBE545
          SHA-256:5534329D5623B356C174BAE109022CE423CA7D50EA69E1EAAB1329B785EAD481
          SHA-512:1F334D2A77D7B7AF4B2881CCFD5901936AD4297075B2E4E5BA3B059714513B74E76DD402F2B12E0687326C7008920720C6A45F8F2B29A2BBDBBFAC98E89CB55C
          Malicious:false
          Reputation:low
          C:\Users\Default\Pictures\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody
          C:\Users\Default\Saved Games\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Reputation:low
          C:\Users\Default\Videos\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\Public\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\Public\AccountPictures\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\Public\Desktop\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\Public\Documents\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\Public\Downloads\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\Public\Libraries\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\Public\Libraries\RecordedTV.library-ms
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1231
          Entropy (8bit):7.832316696220066
          Encrypted:false
          SSDEEP:24:WIAUluh0F171oJTEX1n8SLFkFeYLmxfwp0w5zPUhY2i:jPA0DAQXFvLYLfpBP2Y2i
          MD5:B50E2546847D61348726FC286DA47824
          SHA1:46B47C98D1E244EA767DD51CF8C8939A47A42E19
          SHA-256:C4C910BED6E41E13AD528B12126ECA81EE77C4A4B0DD998995729B65DDDCF6CB
          SHA-512:CF810A23BC8ABE59592883E1F9C0644DBB9F604267E43D0FCCC8149150255116722ACA8FCDF59701F335DEA825A009F89BF2247ADCA16840863362C506098E3C
          Malicious:false
          C:\Users\Public\Music\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\Public\Pictures\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\Public\Videos\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\3D Objects\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\AppData\Local\Temp\539.bmp
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:PC bitmap, Windows 3.x format, 1280 x 1024 x 32
          Category:dropped
          Size (bytes):5242934
          Entropy (8bit):5.581461259852313
          Encrypted:false
          SSDEEP:49152:/0ip6wSQ+WQbjx7yXHipboMJpBwhIjd320qeg6JKdzA+ZDQ/BIqmpybfA:cVO2tboMqURVY
          MD5:2D7DA452FFFBAC16847D03F5B181A4F7
          SHA1:3BDE43AAAAA38FA129B032B725DB3EDE0B794203
          SHA-256:524EB10E04D8A1790BF44C087450C83D99008610E4FD5659F000156C8B2EDFB1
          SHA-512:6A64166BE833C7BCA9BC2B7212BA0BD7D9C69FBF50A92C9889101478E884676A4556E2945D9B274A87AF1118BDDCF93C64A9FCE2DB3792759661C9987331D062
          Malicious:false
          C:\Users\user\Contacts\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\Desktop\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\Desktop\BNAGMGSPLO\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\Desktop\CZQKSDDMWR\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\Desktop\DUUDTUBZFW.png
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.845680765978511
          Encrypted:false
          SSDEEP:24:grssE4TFKmx4HunK/U3s2iIFzTsnu6w5EGcyJcPUhNvY:grVnTiU3HFz0cNcP2m
          MD5:7823B69D34001AE4C3FEE84C8749EC60
          SHA1:ACCEC20A6C30E1B53C26F6DDB707B60CA392807C
          SHA-256:A98068EDE474B097346E4B5ECDE322814B0150F9BDB1215C0BB8C940A313FF45
          SHA-512:4414A44C819C8D77BB6637B1ED1FEB6FA210C8140E6EC67A53E732FCBBE912045B9BE26DDA57B94387EB28954DDD482DC75CE4BF5F412D403D1A99389B0F3924
          Malicious:false
          C:\Users\user\Desktop\EEGWXUHVUG.pdf
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.832066633699258
          Encrypted:false
          SSDEEP:24:MdN8jlEAHD2qFddrExi2l6w1/i+ggDQ0PUhg:Mv8jybgddo02f/ivgD/P2g
          MD5:AB6C4A9E5241F9F2E7F7EADAA7A03286
          SHA1:E83EF54DFD79902EF70FA3CB8D78350B3C0A2F0A
          SHA-256:A706B4BA1470B8D42B17E12A3E79C1685D132B9B916A2C8E0AD949BED85E49BE
          SHA-512:8CD9EF33ECAA4556474E8E6B28AE98F2DED234FBE73BD89C4C7528A2BD7FCEA6A73B34B4AAB63A1F6D74521A1FF5F149D7874B6EE521B0384F07E329F1043FDA
          Malicious:false
          C:\Users\user\Desktop\EIVQSAOTAQ.mp3
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.832735885131642
          Encrypted:false
          SSDEEP:24:ZrfqDR0UZ4vh30y2rGSLLIpfDV8S3X3lq3MV1AnQIB8LPUhNu7n:ZG/4vhkyQB3I9DVt3lAMmraP2A
          MD5:DA5061E2BBA216F94A60BE29BEC54EA5
          SHA1:CCE4B0C1F0194BDF01446921657EFB627EDFC71E
          SHA-256:435C6DB20479A84FB6F4F83423B450ECB312E820816C8F02EE8B8F8C39507311
          SHA-512:710D42C81F8290D7E072E4FA2456969C9EE8C980F309FB69E76F5D6A8954E03617857DA15E40209D587064764F78DD1C6F4D4AD1A17291D70638324858F7769C
          Malicious:false
          C:\Users\user\Desktop\EOWRVPQCCS.jpg
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.827381185835031
          Encrypted:false
          SSDEEP:24:jLVMhRSd3gVlaAY68rDWqyqxhVemeKlnWpWlDvaBraYPUhENL:jLVVd3gLaAY2q9hV1ln78rjP2yL
          MD5:899EFB44E4B6856EBB53516C1AC4E78F
          SHA1:581D49FEA335C108A4C1C5E622CC5001F1495A68
          SHA-256:33499D857763D5767474574AEFD89E3E4D54B8A7BF77C192DE05332F2F2412C8
          SHA-512:27FF1E57FAEEEA45D9450A7B49ED4326C6FE9F64DDE8F1DE0F765E576BF9DAA1B6BD966FBCC0B6CE358D3C344EE92E1B9C307D365F5601399CC5AF5CB16DBE62
          Malicious:false
          C:\Users\user\Desktop\EOWRVPQCCS\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\Desktop\GAOBCVIQIJ.xlsx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.871985549802738
          Encrypted:false
          SSDEEP:24:WFvNGl39TwE2hCKtIhipsuvc+JQo/BnvioKJ33qKF/iR5PUhXEm0d:UQeFhOTuvc+J3viowlS5P2XEm0d
          MD5:954E0FDA2AE1C1AAFBB21CC9C2C33A7A
          SHA1:668A95C6B54D70C540799825E68CA73F6FEC86F5
          SHA-256:7C9229BACDD5D9BE1DF9E511AD872CD52B279550181617A60763355FC4D1FFBA
          SHA-512:D0E13074E8D5CD3A91E7F90AF6055C393112A0525AC1844AFFB49B9B88552228AEA77627AF320F41D71C755E7CDA04355EB8CAA41DFE6A02C8D975A4529BF044
          Malicious:false
          C:\Users\user\Desktop\GIGIYTFFYT.png
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.8310739327069925
          Encrypted:false
          SSDEEP:24:Y0T7uy/DKKknjv3HXIrPOQ3jraqfRdyCq6x8fcxJbyOMhxDAPUhf5/:Y0fKpnjvHIrba4DjJP2R/
          MD5:9F7FE91065234A220033850F4B57678E
          SHA1:CE331DAB4F0982878C3FBCE9F7B713609429D340
          SHA-256:55F78E8BA0BDEC6D2443076C7187E654F9F149CD863BAC5FA29E3EE34FDC4D5E
          SHA-512:6B8C71F75B24D3F0D0C812A4034076B17FEC0762CE55E02FE9C986E8C8CC6CE872FFC5818C5DAE69210BE6F4E6F9ABE3D2ADB43A3F8AB985920E86DF68BA8FCA
          Malicious:false
          C:\Users\user\Desktop\GRXZDKKVDB.jpg
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.814078013143221
          Encrypted:false
          SSDEEP:24:EPBnqn4g1mDox0E0Q33T1HkASj04Eco5/L+CfaoeBgPUhc:kzE0QnT1Fu0vB+Cfj1P2c
          MD5:F2AFD6EDAE0730633205CC85F53F0CDE
          SHA1:AC8638AE57C31E76A459FBB9A7B3BD7066F4B490
          SHA-256:8561987CEEDD4C612D4B687EEF0C0E053C34229D969042C958DBEB12E02B2B1D
          SHA-512:E9DAAADB8A2648B97B8153D7252DF7DB915527F88EC23BF219052C0491C33037B1502389D79BEEF8C2AFC78F419B989E60BD245E0562954E3022555E19A95CAB
          Malicious:false
          C:\Users\user\Desktop\GRXZDKKVDB.mp3
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.837794979549778
          Encrypted:false
          SSDEEP:24:tWcRFm1c19IEdWBEC4LCOkimBAiJxer5KL3E7ARfxbXPUhu7:tfLILBEB/eB5JE+07AZxbXP2u7
          MD5:EE4B7AD747AB8D142698E8C42CF42C01
          SHA1:408C02B7FCEF38108276D38AB2145FD3BDEAB3C9
          SHA-256:A8E6DF79680B3FE55F1D6E35552CAC594AD4608328E662B5B9934C6855A81C4C
          SHA-512:628B29853D22C4D910BAE89EE6D6635FCEDB933D78AE6ECBD707188758A8C1C3588BA28833AF3337A5EE1520EFD3B3A996BEF3FCDCB69656CDDFEF41CDEF6FA3
          Malicious:false
          C:\Users\user\Desktop\GRXZDKKVDB.pdf
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.849567925371056
          Encrypted:false
          SSDEEP:24:alvUTFxGGVkrTmc3AameVOssOpt5wOhTcB+XIMDrPUhN4g:yv6F4qKac3NmIOsvVhcBqrP2N4g
          MD5:84C443EF28AC370F408FA3E681F23DD6
          SHA1:E344BB2C49D6160CFCEDDA9282AB35A0E86042AE
          SHA-256:0E5CE996A3FD5D238E0AEB8521AE3912A9759E6115DD91C5DDC38324DB03AD08
          SHA-512:2062F6291BF179A71A6EEA0660681E8B1FE4BCC4A35F460FC8F4EE8E609B03ECC7D665C8FF174B052EC7702D7DCFAFF2E32EF430F2028692B2CDD05516AF7D91
          Malicious:false
          C:\Users\user\Desktop\KLIZUSIQEN\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\Desktop\LIJDSFKJZG\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\Desktop\NVWZAPQSQL.png
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.866887978240865
          Encrypted:false
          SSDEEP:24:IBbc7J6C/XYYf3K/8mSZ/ndS+wzdf/OUfU2nxPWbMy8/uPUhjaN:IBbc7Jp/53KzSZPdrwFLxOdP2+
          MD5:1C61F1AD208125CE575FB93B51181269
          SHA1:3A693ACA98C5C5E1849CFAE1470389EC712D4A7C
          SHA-256:DA6D9CFB6351614FCEFB014C4755F80441C5D2EA74103C853881D64D48783D35
          SHA-512:0C5A7E3776CE45622A3AC28CED89B3B7A2A7E0AF99EA87006492AF6F26806FF316697EE1A49A49A0B17A53160704C9899F019176055CF777F8C303963B4CC7C0
          Malicious:false
          C:\Users\user\Desktop\PALRGUCVEH\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          C:\Users\user\Desktop\PIVFAGEAAV.pdf
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.856969636230371
          Encrypted:false
          SSDEEP:24:n9d+ARZENfr5Ear0xCmiX0DtWqRTmGaoiEQaG5UzGiJ2VqSq2WHPC8PUhTW:5RQrqg0xCmbLTmTocalzGfZ8P2TW
          MD5:366E60E653B83AC75D70DD26D6DCE724
          SHA1:B3D73CE5EFC7C4A4B721DF1A9EFA374BD080D906
          SHA-256:277F3D3BAC5596D425FFCB9D4604E97E1D6EC185F5CF992B2B384863E777C85F
          SHA-512:0CA76CE25E93FFA36A58F51CD039DE66E8556C8E09CF4DB62D361568D23B2747E03C564808CB0B15E69438D0E7DE95D814D701C7D34C96CCD400CC0485CF186F
          Malicious:false
          C:\Users\user\Desktop\PIVFAGEAAV.xlsx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.819754595544934
          Encrypted:false
          SSDEEP:24:5b8pBkGXAEbitIu4r16TDYDSzMsA0hqjw7mXZJgMYOWPPUhRW:5b8zK3I58TWqK0CYOWPP2RW
          MD5:1BFBB899048C4BF465390633A868FDEE
          SHA1:C718CC5E192E2606B6BE55C4288E0A254276F017
          SHA-256:0B8F1339027E7C82EA94545FE650D9A1B86DD217006D657C0F8D5CB3A380DC37
          SHA-512:C646CD6F2323BDD9CF1D0674ED2744DE34E98B489DED81A62716101E4FB8981CB2E6C0328F75FE7E5659C25C033E02B746B858568F1EA49A21E262509638BAB9
          Malicious:false
          C:\Users\user\Desktop\PIVFAGEAAV\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody
          C:\Users\user\Desktop\PWCCAWLGRE.docx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.841551923914304
          Encrypted:false
          SSDEEP:24:KhOGmWdSXcYcWqj/rp6rZ7RaHnnjzC5wWdeUJP+hPUhAs:yFYvUwrZ7wHjzC5w6eu+hP2J
          MD5:34DB550F4205A92C936BEB6B2C0A102A
          SHA1:F4A7F143CD0A6FAF2EA880016CC0748701A932E1
          SHA-256:5FCA119708D1B2C06330ACEB4B4244E25FB4501507E0116DCF92332D9C394ECD
          SHA-512:D169210FBA15EB9D0D31E8996D214F298836C53CB715D677171B615CA4D0E5DD4F8745EC9937ABF46E80199237A99B0031C40EDFF6FC8858C43ABC54A007D0FC
          Malicious:false
          C:\Users\user\Desktop\PWCCAWLGRE.png
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.847318038049771
          Encrypted:false
          SSDEEP:24:YGBpoaFNOeXxLTVXhQ8CDSWZiWNRImDOy/56+w5jxXYLg0PfRwqnSPHbcPUhk:YGQzMBCDSqiqOyxPQXhGsPHAP2k
          MD5:0A7584D1BBA98ED326D4FC29493B4EE9
          SHA1:9CA044835F734436012126C043F4A96D7C1FFC10
          SHA-256:D662EF99B97F7ECED069051F3660E78D593BBE22B2A1D1478DBF1800F2E08200
          SHA-512:C396EFCFD32B33443EB0E2DD83D09A4A9C87A5EAC24BEA27C065B65D9FA9A1B048F4EA38D8FC2D1B36E5F045A317C4333DE3FAA5F0D60BB0312E185F01D4C411
          Malicious:false
          C:\Users\user\Desktop\PWCCAWLGRE.xlsx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.824250431347981
          Encrypted:false
          SSDEEP:24:ICOjWL+grD1P0xJBpwE/vf172ZEJfcQ2LUCYcA7MFcPUhtRwQv:ICpLJnkLG8t2kl25YcAAcP2tRw+
          MD5:19FD6BFC16A76291D6C2DFC6D6C4B469
          SHA1:901438FB1A86F2372C0EF8B5BEA529F9F72D4C7C
          SHA-256:AA9B0819FCD689121E970A022A3171BE814217E567F9873D63E2A9845C7885F0
          SHA-512:39172D62C439BD552371F6FCE4E544EB529CE30E532995ECC18709B8B31BAB983570F2BC7F216397A9A8DE688C9BCB0E4A081D59271327FDF36A4155666D4606
          Malicious:false
          C:\Users\user\Desktop\PWCCAWLGRE\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody
          C:\Users\user\Desktop\PWCCAWLGRE\EOWRVPQCCS.jpg
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.8535704662393515
          Encrypted:false
          SSDEEP:24:SoPtxfK07RPFugQxT5AA+YKbcxkJ5I7EnsBPUhvlx:SctxycRPFOeAfs2kJq7dBP2vP
          MD5:776D7554671B06C2B2CD61558F00A278
          SHA1:69CACDA483600ACCFACF1B178FE9E5C1DCA605E3
          SHA-256:BA0AB1E8EB6D979635C8DF71D5F3DF31EF407DD00CBD038A3CFEC4B8944820DD
          SHA-512:0876517DD36117DA2514631FC636DC5A9A458BDD2E00A900BE0A54D59103A898666A234EB0F3125E0DF687CA79CC1E965E024854360A8C8F0CF2A05963A9F992
          Malicious:false
          C:\Users\user\Desktop\PWCCAWLGRE\GIGIYTFFYT.png
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.838911525876823
          Encrypted:false
          SSDEEP:24:4rcYEv+w4cgVtYYy0DsH9W3ECPo2esTCSjXUD/bCqTlebnvPUhi:4Ye2/YyM8WUAxVnc/uLvP2i
          MD5:E85689D5CEE66D78430EA0AD60AD4716
          SHA1:8E1679740372BF11B10555FCCEE824DF246E9AB4
          SHA-256:9A0D695AB17A6A0405E18EAEE4BA1E7ECB48CCDB2B859D53FA47022CFB16ACAF
          SHA-512:84A8ABAF0E881D9641B8CE9EAAD3FF24EA4BD2A443C93BB5804FF2FD85FEF3D5EC32A01F4AAF48624C46EB59799C6A69E01F3EC737E3958B49E130B547ABE341
          Malicious:false
          C:\Users\user\Desktop\PWCCAWLGRE\GRXZDKKVDB.pdf
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.870705154365522
          Encrypted:false
          SSDEEP:24:XgmqFi+VIRTxnyEzkMxv4oZamuayenWSq+6m0JUPUhjrJP:QdFi+qRTsADCoMwWH+kUP2jrJP
          MD5:BF6C9B680A11B51DD4202309A1D66A50
          SHA1:FFD4B83DEFB25E75CA82A535565BEF814704D6C9
          SHA-256:CEC43CF80E0A9DE643A9474FDDE14D0C420E901D97884C931DC3EC1AFF2443EA
          SHA-512:F02693157F2775E0B7F008AFC01B399C248A8004C25DDECCAEABAD342F9A84F0528D55FC60F4BEBFC2E08655750AACAAC9065171E107EC96CB30A9F4A522B785
          Malicious:false
          C:\Users\user\Desktop\PWCCAWLGRE\PWCCAWLGRE.docx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:SysEx File -
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.833625995824839
          Encrypted:false
          SSDEEP:24:Csj+DVUtF3u6PJfOFJ/YWiiRm6b547KRfpj3BPUh8o:Z+IduUJGv/Y8vt4+jrBP2d
          MD5:5246610CDF3472DE3B42A5DB1EAA9545
          SHA1:94C09AED6DB7A4BA904B74CEBF15E225713FFC45
          SHA-256:C543CACE82E7AAFFC45876B2E2CF41CDDF46825DF30B5BA888DEE94848412465
          SHA-512:9382DF2D08BF29789D2E263AEC93319EB9CD65AA8B6584B42394FF59FEA30593E4E9E17BCC077176D93FC3C4AB9FFDDF9D1CE75350DEF17822F86649EB938AA5
          Malicious:false
          C:\Users\user\Desktop\PWCCAWLGRE\QCOILOQIKC.mp3
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.832049040180287
          Encrypted:false
          SSDEEP:24:hcHeIa285bGZjt+Nbz2pMHrbMA0g58vzEUWCMZ++3DWPUhW:hcHH8sZjANP2pMHrYAh54wVr3iP2W
          MD5:A3E2F45C639778521206B62AF815CEC2
          SHA1:D3E279708FCA5AC288907F94F938803E84E7AD88
          SHA-256:89130D77868DC8A95A4F134475F52600C7FE1E19F4A8471B1DC0B4D9BB68E8F3
          SHA-512:380D858E53A7C809628F07557AEB12B0F481710E5F86940F5D9E8335B73196D18C36D34651E0306F421AF8B3B228AB7E19C094C0072E2DDC7F12160DA81478B5
          Malicious:false
          C:\Users\user\Desktop\PWCCAWLGRE\SQSJKEBWDT.xlsx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.835211192783253
          Encrypted:false
          SSDEEP:24:0+7L+VmnvRfdT+0G0Lp7Rj4UHjqpET0zkvPUh+G+0j:0+OVmnWq1zhAoP2+Gzj
          MD5:93D38B1CC4A1A0A6295E05C7A7048872
          SHA1:DC38385C21C11EC35C8008A1BC5D2FBF209FA94E
          SHA-256:573C3CEAB194D640EEC0582D0D298F3A2288FD4382DE6BDBE353709993A891B9
          SHA-512:023DFE4484AF2959D35BB8028804D207AAF84F13F23B2A84E6E723BC4D233FDF5370DBDE21B0C778F36ABBEBD6431AFDF3D2AFD532CF719A74B1E1580CA71F6F
          Malicious:false
          C:\Users\user\Desktop\QCFWYSKMHA.docx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.825794666494897
          Encrypted:false
          SSDEEP:24:3RoAi+/XJg6d3OjXko3Q48liLENan8RnJ8pYADIPnjmOPUhfB:3H5pejzQ858Mp3OrP2p
          MD5:7F6BDC600396D66BE7F8344CDD8E7137
          SHA1:4E750510169A51814C724E02E1A91000F2396F56
          SHA-256:774F2782C8510BE4A41196DA9F277B091956B56A0844E43BC2B2A17FBB2EA76F
          SHA-512:6B6D561CA54354F4047EC6B4C55B082D50B4A715EE10D90DD4D877112471D70897C4B008DEA3921F66EFCAF166E4F6B09B0E401154B42A6A62BFCC11733BADA5
          Malicious:false
          C:\Users\user\Desktop\QCFWYSKMHA.jpg
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.85960031860197
          Encrypted:false
          SSDEEP:24:oIstNa1iTu7NTmkSe7+mvC7eDs4JmllPUhr39K:oBNQzhWq/a0s4JglP2c
          MD5:A4DFC3EA93EBB367F9AC492F38ADB07A
          SHA1:161D492C12FC55B42DB7DBB69819EDFBED10F32D
          SHA-256:092A1B289ED6241FC0EBDE1EFC6A618FB5CFF808393D931614963B98F2139BCE
          SHA-512:E1A1583D700EF8D91D28185BD4C1A1A8E00D954A1BCFE56E1767596FC76BB9012D8E8AB893F013C2644DE07C03718B5E9CB3309E9EFF1EDEB4276CDA364F7381
          Malicious:false
          C:\Users\user\Desktop\QCFWYSKMHA\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody
          C:\Users\user\Desktop\QCFWYSKMHA\DUUDTUBZFW.png
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.830814357398315
          Encrypted:false
          SSDEEP:24:TLT7BCd/QOequd4z1fbZbqmXf6MOQ1QpyI4PUhu:T1WQDD4z1VemCc15nP2u
          MD5:9744F69D422EAEDCD3457167A0FF40AD
          SHA1:12020B4D3E2526DD310A5C8633283171CC506CF6
          SHA-256:35DFB521175953109EA824CD64F2EC353B3D612C5CEF2C191010912B6BEA9746
          SHA-512:92E36FDAA5D35C99818B5EF7942E236F520D7E02479141BF27E3EB14D1D3E1C0DFBEC65F8DACCA84118C1B7EBEDB316B3AE178C104F6EC809936626D19668B38
          Malicious:false
          C:\Users\user\Desktop\QCFWYSKMHA\EEGWXUHVUG.pdf
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.854424284848731
          Encrypted:false
          SSDEEP:24:SbYjck32+MUgykYKSYCRlJgtr5eT6DQyYcto7+kTmIPUhdrp:Nj7LMUdOdeTzyYcqagmIP2pp
          MD5:4DD2712082ECAFC01E79A24C34C62FFC
          SHA1:262173784C688424FAF07FB6BA2DBD9EA61A2528
          SHA-256:3D4FFA422D14CDD244F834D515A818230A882BD6C227CC7FF14E1595ABED56D6
          SHA-512:9945E51837994FD1D7DBFF353E5D75D46457CFE86E5D4964A49D701C13D4B32B6C51D9DE147C0BAB4AEEEA64106785B376C1BA933BEF82967B9C11F97FA94A89
          Malicious:true
          C:\Users\user\Desktop\QCFWYSKMHA\EIVQSAOTAQ.mp3
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.841277493458046
          Encrypted:false
          SSDEEP:24:OoILF2N5p5+04iatF1A55zfAspkNbbDzDw3CnC1ufrFRGhDqPUhC6veH:FIxI5pqioFORAspklw3hufB8qP2CnH
          MD5:860791F223339EB15AE3DD63CF0D2D1D
          SHA1:7C311DFFF6DEDBEDEF0D71BFBB934DC33672958B
          SHA-256:89CF374816C8A0F3DBBE38C2F94BF615A6C407F52B942193209E870F6D830542
          SHA-512:E52EB3EDEA5D546F650B57195EF0DEC7C1D97AF598FCE82330FF8707BBA38967EA8C3AC59BE47525C7BD52436FC33E7F8DCF8202CB5B98332EDAC60F41BE3352
          Malicious:false
          C:\Users\user\Desktop\QCFWYSKMHA\GRXZDKKVDB.jpg
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.829818893039267
          Encrypted:false
          SSDEEP:24:Uw94QSFH/smhR525zkMWGc02QFHbI0nAtEAvTKjLjG4PUh6zW:UlBFH/scQ5zkXlQF7q/6jG4P266
          MD5:354398ED5BAD7E54AC72EAEAED942A77
          SHA1:E534D72EE6776F94C5D0D2415679557D00C5566D
          SHA-256:211A1D4497B170A4B52EB3E7D39AAC3105D88BEB05F24724C681CE35875C3D8D
          SHA-512:284C38804AB5F869D76B427D946C2F5F82721596D5B43E8ECD850E95D0FF866BF7AAE7624FCD2376F5DE44CC54C81D0F4F9322DB2CF8A4C23B5C2358D56B1CCF
          Malicious:false
          C:\Users\user\Desktop\QCFWYSKMHA\PIVFAGEAAV.xlsx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.857858091333468
          Encrypted:false
          SSDEEP:24:Kcz96mhm5lkZlJDj9MEHJNImM5jZpnOgGczWcSrFpjcPUhZG:B6qY2Pf9bGmUjZ9+czlSrMP2ZG
          MD5:5B88088A9A88DD1656D22FC01047AC7D
          SHA1:D23FA42A2271682578BC37E74244BFB1E00D3973
          SHA-256:73AB98EBF011E2C4F607A3B2965B8FE89D25D628B9DBCC0D2E50E0A8E23F16E2
          SHA-512:9734D1346BC850CB347374823550DD00E2E1E25938AD240E93E423222DAE7CBA3CBE956F80858C6199DBBD8DB6AE9BCCEB6328C5986B8B5954D0D9D7E8CCA237
          Malicious:false
          C:\Users\user\Desktop\QCFWYSKMHA\QCFWYSKMHA.docx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.815595818848198
          Encrypted:false
          SSDEEP:24:ItrLqd0sWpguJgvBjWbw+sMV9M1kCPUhTXv:ItP+0sKmv12V9SPP2T/
          MD5:A860317AC3EAC38C810168F14363EA03
          SHA1:F9E4B9758A33F4766CCA84A739698A81B190BFF5
          SHA-256:7470E85C02FA7643E12DA813859B9C2F263E5A8B3D4FC7B7962FF72BAA693F0D
          SHA-512:59B4BC1CB2CF53DC265E7C50CFD56315DD3AC42D0C14B1BA864482171CABDA0FB332B5DE4DF4DBF6FE351E13D1A5BA0B042EA27F05E9917C707CE64524159202
          Malicious:false
          C:\Users\user\Desktop\QCOILOQIKC.mp3
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.854853523176059
          Encrypted:false
          SSDEEP:24:Xd9qhGW00Nhiej8D5e0PirPupSfJ9gV6Sd/VzzG1TYPUhJoi3:+Di6CeP2Sfe6S1BG1YP2JoG
          MD5:C3B33F84E48BD0224C2709A411E012B4
          SHA1:E6EA65CA0609A6E83B895F6D6F7CD46CE799113D
          SHA-256:81049214A7339C1FE02C1152B4D0CFC6DC11B95B555CC8B41E4C9C423BA3AEE5
          SHA-512:75FAF5FA40CB764043B7FF702CD1CCACA27C6D1AFF4066167B06056F1D4266BFC6548774EB900ECFB066FD1626CF9A14C4F1CFE185905A728A7E05564A9D6D12
          Malicious:false
          C:\Users\user\Desktop\QCOILOQIKC\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody
          C:\Users\user\Desktop\QNCYCDFIJJ.docx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.846318446141036
          Encrypted:false
          SSDEEP:24:Eyskjq2y7T8SZmdSQE62yr4IMY0q688ZqYtk+RTJ8VTugzFyPUh22SRuj5:tLSX8qmdSQE627IME688ZqY9T0TugzYg
          MD5:CA64FB1DCFA7A79EF2378753822FAEE8
          SHA1:CA0B6DABAEF02AE0F76CEAED908F33A96DF69F50
          SHA-256:3D50F5F8F67E6590DE2C0B399A65882F7DEA6A173B7DA9A0EAF0D704FCF4BE50
          SHA-512:E83F3D0511F0648AEA33BB614BECD7C4285B1FA2E0CB62590C354270C75BCA5BB18DC0072A0318C80D384AC6DD35B10126204314A6DE383D0927DF09876A8790
          Malicious:false
          C:\Users\user\Desktop\QNCYCDFIJJ.pdf
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.840502706517001
          Encrypted:false
          SSDEEP:24:62U3H6Au9vR3ZM1Eyh49PK43Mnvfoaa7acXuxPPUhjX:6jaAunayyh4Z6nYT7a6MPP2jX
          MD5:A97E52F952480ABBDC03E753CCF13EF2
          SHA1:0FD218D11EAAB705C888B8509952CE13EAEDF91B
          SHA-256:1987F3542B4165403E799D5583187D279441AC104C52A951F10DF9A96C7C37F3
          SHA-512:7268BF45B30D1060C3F35BC405E591F197C88813BE728BE312D94DA722F23BBD357B39A2641CE7A4939E4D72B3442CB73E8189DDC9DE868F3F7612A7317B7A05
          Malicious:true
          C:\Users\user\Desktop\QNCYCDFIJJ\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody
          C:\Users\user\Desktop\QNCYCDFIJJ\GRXZDKKVDB.mp3
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.8572523413214945
          Encrypted:false
          SSDEEP:24:ksOhQrwMU/2g90UBeWnQFv3eX4yPYLdD4EvNNpCzxxLFm5RihSRavj0P+TPUhRa2:ksOqwMm+vF/yPGSEvNrCzx5FmcscP2s2
          MD5:560973B0551F87DE31954B705C84237A
          SHA1:80C685EB6E8A4F034A44DB15FD54CF4D18B84C7F
          SHA-256:8046B33437DCCBEA2B2CCCC0F893442776DC72C3E1B808ED17EE236EBC24D51E
          SHA-512:EE24B961B33267D99C2A36204303436082AB3A53DE72EDB9797E89BDF6C840F34F5AC12B502DE83FBFF540034254C12E9DF476F7C6C3C4845A9F09BB75B356FC
          Malicious:false
          C:\Users\user\Desktop\QNCYCDFIJJ\NVWZAPQSQL.png
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.832750927828314
          Encrypted:false
          SSDEEP:24:i+d2jN8fmDdusGLFlF5OhuAElWIxiWh0Msd6l4GAttPUha6SCZ:i+d2h8fmAIx8WimMEGADP2NZ
          MD5:1E007A7856EEA291DACBD8AF47147C33
          SHA1:6AF5D29383F52DCC3E23E04B3F145790EFB1C410
          SHA-256:A07CA78AB0A6E07CC5137FFE3470021E8D6FF36B1A330640D207EF354FDC7A94
          SHA-512:173B74C4C6F5E652AD7DCF9FBD7C16F4FC97378E557C3C86526B1A38C73E8468308E32829C44161313225698294712CD205D668D0395697E963C671240BCE4AB
          Malicious:false
          C:\Users\user\Desktop\QNCYCDFIJJ\PIVFAGEAAV.pdf
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.838649693733602
          Encrypted:false
          SSDEEP:24:/SPFjJqOW6DRdhQ8K0emeJqnbjUc8mv0qtFtJKfKwZVnzT4oMSmq4mlPUhCxXe:/SdjJjW6rpVe7qnndtwKqRUEmhmlP2p
          MD5:694403EA01CFF31EECA91EB59DB70D73
          SHA1:1471E465D05DC752C4388CD1BE5AE0EF43C5DB76
          SHA-256:030EB5C43D5EE8E867B7D1F5686F1A0E3890B2E760A541CFFDC578BAA67DD3E8
          SHA-512:81571B7C00BFD23529898E3007F29A88E09E2DF962722DDDE68ED291B01C6B0C70380EE59898CCD6CC3E17D02ABFA53E90B7A1EEE4D16A69C400FB2D65ADF82E
          Malicious:false
          C:\Users\user\Desktop\QNCYCDFIJJ\PWCCAWLGRE.xlsx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.834694004164404
          Encrypted:false
          SSDEEP:24:aDl5pBAI8b61RVagU73k8G4lQb8alR0MXCeBuH0f+9Q55ETpMedOWPUhXhE3RgvR:wlZAI8G1RvUTWZbf3CjH0f4k/eIWP2XT
          MD5:7D7FBD23D97FFBBB897F9E1AD620C609
          SHA1:D3C2022D4C4496B7CB48E79AD5673A1E8556AE05
          SHA-256:1AB52D381421B40BDB624FEDF9366853844CC2BFA7D9EDA7EFF18D59B09F43DF
          SHA-512:8789C41E9754F8FE2C873802FD3633D88BD360272046C9D903D025E1F099C785C80E1504240CF1DF00023A797E1ADF5764853958C746A6D2769663D0940FC0B1
          Malicious:false
          C:\Users\user\Desktop\QNCYCDFIJJ\QNCYCDFIJJ.docx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.844168976176352
          Encrypted:false
          SSDEEP:24:8/a/3F3IcRVYLIuR95oryPY2td9RBFrw7Ff3Bw9sKC305kPUh75:8SP38psuzJyFf3BpAkP21
          MD5:AB9126EA2481F7D1BB86EF1DE7D2BA22
          SHA1:B6272989D176F931222458E4E540428AD5D64E4A
          SHA-256:C7BEE94CEE92A4E9FAF89E8ABD4FDC9AC229C5126ADB373A5D1757F77CA5E7BC
          SHA-512:380EB93B49532775C9F01BC242A9324D66FCE559F8081F95A8A3EDE13E0916527BE0C4CE44B7D6D9FCF8D79A79EA48F5AB80B505DF1B2A967EC61608CB95ED84
          Malicious:true
          C:\Users\user\Desktop\QNCYCDFIJJ\SQSJKEBWDT.jpg
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:64-bit XCOFF executable or object module
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.846337878834412
          Encrypted:false
          SSDEEP:24:2SRuhrrXwrnb5MNsP50gTNt5Kj2CL3wWFkr4KJhQPUhia:N0/gh0gTw5sWir4NP2ia
          MD5:800164146C6592450703A0A57B35B3EF
          SHA1:49F817E7E0F9FAA72B03AE72DF190F36D27D1450
          SHA-256:212CBB4981D9F93AA319F461589EE726AB4089810B4EB7BDA702E678BD52052A
          SHA-512:AA9E73A53E4444FF3B607C74BC686B40CD8FA719348ACF2F09BC6C0FA51CABE2251F0CDEB98D7354A5E00CB42A5F1E3D9740F5DAE3A878F6D543EA86097EFB56
          Malicious:false
          C:\Users\user\Desktop\SQSJKEBWDT.jpg
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.841857960359425
          Encrypted:false
          SSDEEP:24:oyOpOLvTel6OC5jTEj0jkaDNokaFmx+1h7vBYOxAHImpisJqPUhd6Q:oIeIOC5jTEj0jkaDNonFm81hrSH/qP2r
          MD5:22C99BAF18800061DB39CAA2ACA1CEF8
          SHA1:F30B23503E467910B74FF3F03B7A426D722B6DCF
          SHA-256:7D4A39793D109F65EEE2CFA323FB04F94DB0C1B85115B3BB8050EA410E49483F
          SHA-512:C48EAFAA30E1AE80CCE71480620D35B212C27F749C4A8D83C02517E168A2D13523C461567684BCB0F68685549271E9E727AE3B4E1C04539E0C0A5AE297244512
          Malicious:false
          C:\Users\user\Desktop\SQSJKEBWDT.xlsx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.825806861158214
          Encrypted:false
          SSDEEP:24:N+PQYSPW/X5mZwD+11oEI0BQH3yO0dkagGc6G/t/+V0mnZwdgPUhf8stF:N+oYSePGv17IoQHiOQzKlWVLnGdgP2Uw
          MD5:B645E2E18F5BF10EFEAD8077F84FE9C1
          SHA1:0BF60C9081E917BDD77452CDC52EAC0439AFC5D8
          SHA-256:5A38E6C7D8C5F897E7199468C2080571430159CAB654FB1DAF598F23980A2349
          SHA-512:70C53A47FEB97BDB64907C38017510BDA95D3399080E843F2BE214803A7CBD83E5AD0842EC101307E359A118E1BE041814625A4B628EB5F0DCEF2930EB6968DA
          Malicious:false
          C:\Users\user\Desktop\SUAVTZKNFL.mp3
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.863058627659654
          Encrypted:false
          SSDEEP:24:s5t/pzwFUh9U9qcXPgAa2x7W0mNk2Rv4Q/OvPUh6O6:s5J2FUymCkk44QWP2e
          MD5:7284802EAAC12160A81D9CC1C6D3E00A
          SHA1:11659644590851C654DC6013BFF3B5EC944B78BA
          SHA-256:F092136E88439F8A78FE8672CD3B05E92D2D8F27005F0C5D03F8FB3EB73EB0B0
          SHA-512:E755626C27B57812C2D56BE646D5E54F8D66C51400F0A9F9C44CB6F090652EC1386869C612575E408991195BCA469844C5E0D8154B2A7AD48C3712C9AA89C87F
          Malicious:false
          C:\Users\user\Desktop\ZQIXMVQGAH.docx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.845793391165351
          Encrypted:false
          SSDEEP:24:O4QyhSprWx1GOpAh17h9IjOveWs2iALHOYAPUhLIKb:O4QygBegOp2N2abRisOFP2sk
          MD5:15754C59C50F6637B6405AF1EFD63836
          SHA1:DFA74910C886693CCEC7134982FB366F0132A7AD
          SHA-256:ABD034A1C2DE864C4B7C8DEE5D01AD35392FC9F36BFAC1D8DE6D01FABB1E1195
          SHA-512:18D27EEC9B3EBED12C066A5B1058AF6592051C250A067FFCCB7965703F13FC1EA285019C7C23ADB8CB04027FB2742EBE75B2E7A82BD92519D1216CCC6F40A059
          Malicious:false
          C:\Users\user\Desktop\ZQIXMVQGAH\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody
          C:\Users\user\Desktop\ZQIXMVQGAH\GAOBCVIQIJ.xlsx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.865129893858218
          Encrypted:false
          SSDEEP:24:rRZc5K/0KgUcQIP3R6RqF6iuWscJaoxMfq/iWrt3v4ZsoVme0PUhrIzALj:r/c5m0Kgv/RlUirJCf4iWBkNIe0P22S
          MD5:4027FF4E8C7531055C0E825DB402FC12
          SHA1:F357D39595D803265F829E42E899899CD0952FF1
          SHA-256:1970B6781F62719D4E747D324E3A676C3DD24D6F41F281CEB68E4BA8FC203E45
          SHA-512:2858E96A7652C0A4E93250980F7772DFDDEB344B72BD417A7A48E26C0B7AA2C4FBE1193A4F74B5AC9B5F639171F74FD0280F450A848EA1BCEBD25438A90B4195
          Malicious:false
          C:\Users\user\Desktop\ZQIXMVQGAH\PWCCAWLGRE.png
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.834369829768961
          Encrypted:false
          SSDEEP:24:8v8930FDDVtHX6j2cqM4hxaiq0GNKM/zCPOpdqLPUh55:8v893KDZtKBqM4hxazjzS0eP255
          MD5:D6AD80BB00BC3A0E58EBB8B05D39D45C
          SHA1:7BE839E90D1C0D5FBDFEF97263699AA6FDBEFF91
          SHA-256:0286610A5294E84A45A2D352CE57BF518AB1B840A144FD30B4B3EA4D1E25CF1E
          SHA-512:1928F075B0EB90C13FE824A55755BF3AA87833A21DDC07F337CE3E24DC490E0BC0810321C6A6F3A4E15AAE045385838662A5D86C7214B7B9A0B32BA6364FAC0A
          Malicious:false
          C:\Users\user\Desktop\ZQIXMVQGAH\QCFWYSKMHA.jpg
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.82224311309867
          Encrypted:false
          SSDEEP:24:7OQx1tf8irg8y0FwtyHEF2A9x0hgLRN2JzbBxA7NN8laWPUhXJh:ftf8Ugb0qAEFnqgRN29bA7TG5P2XH
          MD5:387504F540DD4435FCEE29F9C4ACEBD6
          SHA1:8AA698CE47BAC450225EDC281646A58B5C3E1C9F
          SHA-256:119096B0C2D10C181593E08F6DE99D1BDE3FCA10A339D5D5652E4EAD6D5A4738
          SHA-512:AEA548F112FEC549747D8D239BFDA7D5F984933AA4FD92A10F55893080D456DF6A6771E5692B970D1F4DD951FBC8F7A18304CC628454AA15D53C31F6AE3ED0A7
          Malicious:false
          C:\Users\user\Desktop\ZQIXMVQGAH\QNCYCDFIJJ.pdf
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.832603316028122
          Encrypted:false
          SSDEEP:24:FwYPAYvlfgoR8NnqzCYjivKmJd2U0sAGzqvXR9kvyL2PUhRdpO:FrAOgFxuCyiyMr0sAG0R+vHP2g
          MD5:DBC357380E3B0C4EC0F08F1E7B4022BC
          SHA1:D24DFE0C7CF3FE52BD4FCFF8C274C5CA472D8AC4
          SHA-256:648D34D0304B303B897C3C6FFED506125E45CFBA609FBEB1C04C5757D7268D0B
          SHA-512:3C74EB94BF4AFCA943133AF2116A2814CB3BB21D6527345CB8C9CD8F020884278A64F9DEABED5356AD7F55CB51A9C0AED82FECF5AE7F9F26C70773A0E911A536
          Malicious:false
          C:\Users\user\Desktop\ZQIXMVQGAH\SUAVTZKNFL.mp3
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.834153568684075
          Encrypted:false
          SSDEEP:24:f3+omLnHi2xuxAZBLjCBwR0A9NqQJb1gpuo9OegYGcpcJFoTIlG1iPUhHCMpM:foLC2TfrDVp1I4egYGGcX01iP2rM
          MD5:25887A1F31D88F75CEC3ECEF83C5B498
          SHA1:29B120B155B9439A7EBC55C9225D994ED06BCA6F
          SHA-256:8A0E6547B735B87B49195A8D277F6268A5EC61D047BD218A7F718F88A9C4B18B
          SHA-512:7ED053FD89819A38DA1716B34456E1E8EF3AC298308B531AE8B372DF6D5BCBFB546CF810B53394795D09E08CD78DFDA03ABDC2DE1ABD95DD5F4A439D169554CE
          Malicious:false
          C:\Users\user\Desktop\ZQIXMVQGAH\ZQIXMVQGAH.docx
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.8418945423489514
          Encrypted:false
          SSDEEP:24:6kF9NeCWIZvxctPWZxh7xfAlA7gEWGaSdlUmJfEYh1WmyMO+RfXM8g4PPUhMi:Fj9ZvwWZxfJgEWGaSdldJsYh1ly2Rf8V
          MD5:271F111E5C7419B2064C8E368A9A384B
          SHA1:4133B35CD8C6F071568173C2A3C3957A820E762C
          SHA-256:1B38F5CF2A1AAB0DAAA0C21C917ACAC45E87530E4D8BD2DCC67B31C247B77B97
          SHA-512:E0E5EB3984CCAE96EB0A62A9C986CEEF6BF1ED253DD1522111186F2198B3DAE249190E56EA4E302ED6828DF15BFDA15B10CD15AAC8DDBB7581DF8D50A6D3A8E6
          Malicious:false
          C:\Users\user\Documents\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody
          C:\Users\user\Documents\BNAGMGSPLO\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody
          C:\Users\user\Documents\CZQKSDDMWR\3pp6h54-readme.txt
          Process:C:\Users\user\Desktop\gVz4ueFL8n.exe
          File Type:data
          Category:dropped
          Size (bytes):6948
          Entropy (8bit):3.871693032483107
          Encrypted:false
          SSDEEP:96:GL5iNsgqxU3TPXWKain8tuw57fc/crXbyUMKwpo/Inifd9PrR5u:GL5I3jXWKX83lfcUHyUMsAninDW
          MD5:C000E482AD266E33CDE8467875A21772
          SHA1:09334CBE426B6EF9ACFECB3E1043DBE0F95DDC5B
          SHA-256:C8CC8B8620275CD6820A92C0AD6CDEBF717DE531E14669758FAA487EE9397FCC
          SHA-512:854743420E8B26B6C87FF38D2D518949BADEA4EEA703DB0FAAE040F2E7E743C7AD3C32674C5DE622A3A4B9713CC40BA5698A19930A32534B621BA0D1F6CEA398
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension 3pp6h54. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):6.592364626667132
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:gVz4ueFL8n.exe
          File size:120832
          MD5:0e285f30f30dedd812295d2408f4b84c
          SHA1:24e8a7a0b9fdf929e6cc4b52b0470bf4f7b6f244
          SHA256:d91f951bdcf35012ac6b47c28cf32ec143e4269243d8c229f6cb326fd343df95
          SHA512:0e89d41a5bd1389d74e661e8f9d3efedff589c2e64f444971e349436a9b6f191f0a0d6017a1e7c28d33be382600b08d00f9496ebdfcf839943d559d1a10a8503
          SSDEEP:1536:ac79OtHXciw8MfMNQulioPIKNpVO6OICS4AziU/U/F20rg8sNlQoaA:EXCSK4IKvXhiU/+F20EVlQTA
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(\..F...F...F...C...F...E...F...B...F.|w....F.|w....F...G...F.|w....F.6.B...F.6.D...F.Rich..F.........PE..L....%._...........

          File Icon

          Icon Hash:00828e8e8686b000

          Static PE Info

          General

          Entrypoint:0x404414
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
          DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE
          Time Stamp:0x5FAF25E1 [Sat Nov 14 00:33:37 2020 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:5
          OS Version Minor:1
          File Version Major:5
          File Version Minor:1
          Subsystem Version Major:5
          Subsystem Version Minor:1
          Import Hash:3eff7b78fa879bdd7bc10b8b899e0ab3

          Entrypoint Preview

          Instruction
          push 00000000h
          call 00007F0180945147h
          push 00000000h
          call 00007F0180945A4Ah
          pop ecx
          ret
          push ebp
          mov ebp, esp
          sub esp, 2Ch
          lea eax, dword ptr [ebp-2Ch]
          push esi
          push eax
          push 00000018h
          pop esi
          push esi
          push dword ptr [ebp+08h]
          call dword ptr [00411244h]
          test eax, eax
          je 00007F0180945376h
          mov eax, dword ptr [ebp-1Ah]
          imul eax, dword ptr [ebp-1Ch]
          push ebx
          push edi
          xor edi, edi
          inc edi
          movzx eax, ax
          cmp ax, di
          jne 00007F01809451E6h
          mov ebx, edi
          jmp 00007F0180945208h
          push 00000004h
          pop ebx
          cmp ax, bx
          jbe 00007F0180945200h
          push 00000008h
          pop ebx
          cmp ax, bx
          jbe 00007F01809451F8h
          push 00000010h
          pop ebx
          cmp ax, bx
          jbe 00007F01809451F0h
          cmp ax, si
          jnbe 00007F01809451E8h
          mov ebx, esi
          push 00000028h
          jmp 00007F01809451F3h
          push 00000020h
          pop ebx
          mov eax, edi
          mov cl, bl
          shl eax, cl
          lea eax, dword ptr [00000028h+eax*4]
          push eax
          push 00000040h
          call dword ptr [00411280h]
          mov esi, eax
          push 00000018h
          mov dword ptr [esi], 00000028h
          mov eax, dword ptr [ebp-28h]
          mov dword ptr [esi+04h], eax
          mov eax, dword ptr [ebp-24h]
          mov dword ptr [esi+08h], eax
          mov ax, word ptr [ebp-1Ch]
          mov word ptr [esi+0Ch], ax
          mov ax, word ptr [ebp-1Ah]
          mov word ptr [esi+0Eh], ax
          pop eax
          cmp bx, ax
          jnc 00007F01809451E9h
          mov cl, bl
          shl edi, cl
          mov dword ptr [esi+20h], edi
          mov eax, dword ptr [esi+04h]
          xor edi, edi
          add eax, 07h
          movzx ecx, bx
          cdq
          and edx, 07h
          mov dword ptr [esi+00h], edi

          Rich Headers

          Programming Language:
          • [LNK] VS2015 UPD3.1 build 24215
          • [ C ] VS2015 UPD3.1 build 24215

          Data Directories

          Name                                   Virtual Address   Virtual Size   Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT           0x0               0x0
          IMAGE_DIRECTORY_ENTRY_IMPORT           0xfbd8            0x3c           .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE         0x0               0x0
          IMAGE_DIRECTORY_ENTRY_EXCEPTION        0x0               0x0
          IMAGE_DIRECTORY_ENTRY_SECURITY         0x0               0x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC        0x20000           0x6c8          .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG            0x0               0x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT        0x0               0x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR        0x0               0x0
          IMAGE_DIRECTORY_ENTRY_TLS              0x0               0x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG      0x0               0x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT     0x0               0x0
          IMAGE_DIRECTORY_ENTRY_IAT              0xd000            0x30           .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT     0x0               0x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR   0x0               0x0
          IMAGE_DIRECTORY_ENTRY_RESERVED         0x0               0x0

          Sections

          Name     Virtual Address   Virtual Size   Raw Size   Xored PE   ZLIB Complexity   File Type   Entropy         Characteristics
          .text    0x1000            0xb6a4         0xb800     False      0.57470703125     data        6.55398000813   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          .rdata   0xd000            0x2cd4         0x2e00     False      0.667629076087    data        7.79698802019   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data    0x10000           0x2318         0x1e00     False      0.91796875        data        7.62577900558   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
          .axh     0x13000           0xc800         0xc800     False      0.57021484375     data        5.50276054743   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
          .reloc   0x20000           0x6c8          0x800      False      0.75146484375     data        6.10110704434   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

          Imports

          DLL            Import
          KERNEL32.dll   lstrlenW, SetErrorMode, VerSetConditionMask, CloseHandle, GetExitCodeProcess, VerifyVersionInfoW, lstrcmpA
          OLEAUT32.dll   VariantClear, VariantInit

          Network Behavior

          No network behavior found

          Code Manipulations

          Statistics

          Behavior


          System Behavior

          General

          Start time:02:44:57
          Start date:22/11/2020
          Path:C:\Users\user\Desktop\gVz4ueFL8n.exe
          Wow64 process (32bit):true
          Commandline:'C:\Users\user\Desktop\gVz4ueFL8n.exe'
          Imagebase:0xdc0000
          File size:120832 bytes
          MD5 hash:0E285F30F30DEDD812295D2408F4B84C
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.202573050.00000000031CF000.00000004.00000040.sdmp, Author: Joe Security
          • Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.202518189.00000000031CF000.00000004.00000040.sdmp, Author: Joe Security
          • Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Source: 00000000.00000002.421931885.0000000000DC1000.00000020.00020000.sdmp, Author: Florian Roth
          • Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Source: 00000000.00000000.202262320.0000000000DC1000.00000020.00020000.sdmp, Author: Florian Roth
          Reputation:low

          General

          Start time:02:46:19
          Start date:22/11/2020
          Path:C:\Windows\System32\wbem\unsecapp.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\wbem\unsecapp.exe -Embedding
          Imagebase:0x7ff705c00000
          File size:48640 bytes
          MD5 hash:9CBD3EC8D9E4F8CE54258B0573C66BEB
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:moderate

          Disassembly

          Code Analysis
