Analysis Report Sample_5fba9b06c7da400016eb6275.exe

Overview

General Information

Sample Name: Sample_5fba9b06c7da400016eb6275.exe
Analysis ID: 326335
MD5: 0e285f30f30dedd812295d2408f4b84c
SHA1: 24e8a7a0b9fdf929e6cc4b52b0470bf4f7b6f244
SHA256: d91f951bdcf35012ac6b47c28cf32ec143e4269243d8c229f6cb326fd343df95

Detection

Sodinokibi
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Found ransom note / readme
Multi AV Scanner detection for submitted file
Yara detected Sodinokibi Ransomware
Contains functionality to detect sleep reduction / modifications
Found Tor onion address
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to delete services
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to enumerate running services
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • unsecapp.exe (PID: 5772 cmdline: C:\Windows\system32\wbem\unsecapp.exe -Embedding MD5: 9CBD3EC8D9E4F8CE54258B0573C66BEB)
  • cleanup

Malware Configuration

Threatname: Sodinokibi

{"prc": ["firefox", "oracle", "visio", "xfssvccon", "steam", "winword", "mspub", "isqlplussvc", "ocssd", "ocautoupds", "mydesktopqos", "outlook", "dbeng50", "sql", "agntsvc", "tbirdconfig", "encsvc", "thebat", "synctime", "onenote", "mydesktopservice", "thunderbird", "excel", "powerpnt", "dbsnmp", "sqbcoreservice", "ocomm", "infopath", "wordpad", "msaccess"], "sub": "5891", "svc": ["veeam", "vss", "backup", "sophos", "svc$", "mepocs", "memtas", "sql"], "wht": {"ext": ["msc", "mpa", "hta", "ani", "themepack", "com", "ps1", "icl", "dll", "ldf", "ocx", "lnk", "theme", "nls", "386", "cmd", "wpx", "diagcfg", "cur", "prf", "ico", "nomedia", "sys", "bat", "exe", "deskthemepack", "spl", "shs", "hlp", "rtp", "msp", "scr", "ics", "key", "msstyles", "mod", "cab", "diagcab", "adv", "rom", "drv", "bin", "msi", "idx", "cpl", "diagpkg", "msu", "icns", "lock"], "fls": ["boot.ini", "bootsect.bak", "bootfont.bin", "ntuser.ini", "iconcache.db", "ntuser.dat.log", "desktop.ini", "autorun.inf", "thumbs.db", "ntuser.dat", "ntldr"], "fld": ["system volume information", "program files (x86)", "mozilla", "application data", "windows.old", "msocache", "appdata", "$recycle.bin", "$windows.~ws", "program files", "windows", "programdata", "google", "tor browser", "perflogs", "boot", "intel", "$windows.~bt"]}, "img": "QQBsAGwAIABvAGYAIAB5AG8AdQByACAAZgBpAGwAZQBzACAAYQByAGUAIABlAG4AYwByAHkAcAB0AGUAZAAhAA0ACgANAAoARgBpAG4AZAAgAHsARQBYAFQAfQAtAHIAZQBhAGQAbQBlAC4AdAB4AHQAIABhAG4AZAAgAGYAbwBsAGwAbwB3ACAAaQBuAHMAdAB1AGMAdABpAG8AbgBzAAAA", "dmn": "[domain list removed]", "dbg": false, "pid": "$2a$10$hIPnYTfL4yAd01j./DIPs.Tdwq.QURm2fbUM4pQFInKQ45tak6xW6", "nbody": "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", "et": 0, "wipe": true, "wfld": ["backup"], "rdmcnt": 0, "nname": "{EXT}-readme.txt", "pk": "PcGaG/OPoFiNzu1LUC2Qhz905YYQChX9SFo+MuXEV2M=", "net": false, "exp": false, "arn": false}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
Sample_5fba9b06c7da400016eb6275.exe | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
  • 0x4d44:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x99c6:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0x9fb2:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x91eb:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x99b5:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000003.348277768.0000000002B4F000.00000004.00000040.sdmp | JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security
00000000.00000003.348165108.0000000002B4F000.00000004.00000040.sdmp | JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security
00000000.00000002.573809240.00000000009B1000.00000020.00020000.sdmp | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
  • 0x4944:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x95c6:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0x9bb2:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x8deb:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x95b5:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
00000000.00000000.347800253.00000000009B1000.00000020.00020000.sdmp | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
  • 0x4944:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x95c6:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0x9bb2:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x8deb:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x95b5:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
Process Memory Space: Sample_5fba9b06c7da400016eb6275.exe PID: 7020 | JoeSecurity_Sodinokibi | Yara detected Sodinokibi Ransomware | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
0.0.Sample_5fba9b06c7da400016eb6275.exe.9b0000.0.unpack | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
  • 0x4d44:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x99c6:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0x9fb2:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x91eb:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x99b5:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F
0.2.Sample_5fba9b06c7da400016eb6275.exe.9b0000.1.unpack | MAL_RANSOM_REvil_Oct20_1 | Detects REvil ransomware | Florian Roth
  • 0x4d44:$op1: 0F 8C 74 FF FF FF 33 C0 5F 5E 5B 8B E5 5D C3 8B
  • 0x99c6:$op2: 8D 85 68 FF FF FF 50 E8 2A FE FF FF 8D 85 68 FF
  • 0x9fb2:$op3: 89 4D F4 8B 4E 0C 33 4E 34 33 4E 5C 33 8E 84
  • 0x91eb:$op4: 8D 85 68 FF FF FF 50 E8 05 06 00 00 8D 85 68 FF
  • 0x99b5:$op5: 8D 85 68 FF FF FF 56 57 FF 75 0C 50 E8 2F

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: Sample_5fba9b06c7da400016eb6275.exe | Avira: detected
Found malware configuration
Source: Sample_5fba9b06c7da400016eb6275.exe.7020.0.memstr | Malware Configuration Extractor: Sodinokibi
        Multi AV Scanner detection for submitted file
        Source: Sample_5fba9b06c7da400016eb6275.exe Virustotal: Detection: 89%
        Source: Sample_5fba9b06c7da400016eb6275.exe Metadefender: Detection: 48%
        Source: Sample_5fba9b06c7da400016eb6275.exe ReversingLabs: Detection: 86%
        Machine Learning detection for sample
        Source: Sample_5fba9b06c7da400016eb6275.exe Joe Sandbox ML: detected
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B549C CryptAcquireContextW,CryptGenRandom,
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B5D90 CryptBinaryToStringW,CryptBinaryToStringW,
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B5D2F CryptStringToBinaryW,CryptStringToBinaryW,
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: z:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: x:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: v:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: t:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: r:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: p:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: n:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: l:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: j:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: h:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: f:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: d:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: b:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: y:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: w:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: u:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: s:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: q:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: o:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: m:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: k:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: i:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: g:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: e:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: c:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile opened: a:
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B766A FindFirstFileExW,FindFirstFileW,FindNextFileW,FindClose,

        Networking:

        Found Tor onion address
        Source: Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000002.577730714.0000000002B58000.00000004.00000040.sdmpString found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A7014F8C2779026F
        Source: Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000003.524083890.0000000002B6F000.00000004.00000040.sdmpString found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
        Source: su84mu33c1-readme.txt19.0.drString found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A7014F8C2779026F
        Source: Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000003.524083890.0000000002B6F000.00000004.00000040.sdmpString found in binary or memory: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/
        Source: Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000002.577730714.0000000002B58000.00000004.00000040.sdmp, su84mu33c1-readme.txt19.0.drString found in binary or memory: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A7014F8C2779026F
        Source: Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000003.524083890.0000000002B6F000.00000004.00000040.sdmpString found in binary or memory: http://decryptor.cc/
        Source: Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000002.577730714.0000000002B58000.00000004.00000040.sdmp, su84mu33c1-readme.txt19.0.drString found in binary or memory: http://decryptor.cc/A7014F8C2779026F
        Source: Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000002.577730714.0000000002B58000.00000004.00000040.sdmp, Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000003.524083890.0000000002B6F000.00000004.00000040.sdmp, su84mu33c1-readme.txt19.0.drString found in binary or memory: https://torproject.org/
        Source: Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000002.573901385.0000000000BBA000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

        Spam, unwanted Advertisements and Ransom Demands:

        Found ransom note / readme
        Source: C:\su84mu33c1-readme.txt Dropped file:
        ---=== Welcome. Again. ===---
        [+] Whats Happen? [+]
        Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1.
        By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).
        [+] What guarantees? [+]
        Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests.
        To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
        If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money.
        [+] How to get access on website? [+]
        You have two ways:
        1) [Recommended] Using a TOR browser!
          a) Download and install TOR browser from this site: https://torproject.org/
          b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A7014F8C2779026F
        2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
          a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
          b) Open our secondary website: http://decryptor.cc/A7014F8C2779026F
        Warning: secondary website can be blocked, thats why first variant muc
        Yara detected Sodinokibi Ransomware
        Source: Yara match File source: 00000000.00000003.348277768.0000000002B4F000.00000004.00000040.sdmp, type: MEMORY
        Source: Yara match File source: 00000000.00000003.348165108.0000000002B4F000.00000004.00000040.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: Sample_5fba9b06c7da400016eb6275.exe PID: 7020, type: MEMORY
        Modifies existing user documents (likely ransomware behavior)
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File moved: C:\Users\user\Desktop\ZTGJILHXQB\QCFWYSKMHA.png
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File deleted: C:\Users\user\Desktop\ZTGJILHXQB\QCFWYSKMHA.png
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File moved: C:\Users\user\Desktop\UOOJJOZIRH.xlsx
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File deleted: C:\Users\user\Desktop\UOOJJOZIRH.xlsx
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File moved: C:\Users\user\Desktop\PWCCAWLGRE.jpg
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B3B6E OpenSCManagerW,EnumServicesStatusExW,RtlGetLastWin32Error,CloseServiceHandle,CloseServiceHandle,EnumServicesStatusExW,OpenServiceW,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009BB7A2
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B8AF8
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B85D5
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009BAB0D
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B8377
        Source: Sample_5fba9b06c7da400016eb6275.exe, type: SAMPLEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 00000000.00000002.573809240.00000000009B1000.00000020.00020000.sdmp, type: MEMORYMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 00000000.00000000.347800253.00000000009B1000.00000020.00020000.sdmp, type: MEMORYMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 0.0.Sample_5fba9b06c7da400016eb6275.exe.9b0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: 0.2.Sample_5fba9b06c7da400016eb6275.exe.9b0000.1.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_REvil_Oct20_1 date = 2020-10-13, hash4 = fc26288df74aa8046b4761f8478c52819e0fca478c1ab674da7e1d24e1cfa501, hash3 = f6857748c050655fb3c2192b52a3b0915f3f3708cd0a59bbf641d7dd722a804d, hash2 = f66027faea8c9e0ff29a31641e186cbed7073b52b43933ba36d61e8f6bce1ab5, hash1 = 5966c25dc1abcec9d8603b97919db57aac019e5358ee413957927d3c1790b7f4, author = Florian Roth, description = Detects REvil ransomware, reference = Internal Research
        Source: classification engineClassification label: mal100.rans.evad.winEXE@2/207@0/0
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B4CD4 GetDriveTypeW,GetDiskFreeSpaceExW,
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B5425 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\program files\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\C67C4A76-40FA-FD1C-B814-F8203DB0F283
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: C:\Users\user\AppData\Local\Temp\xa288w44oi.bmp
        Source: Sample_5fba9b06c7da400016eb6275.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\CIMV2 : SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknownProcess created: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe 'C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe'
        Source: unknownProcess created: C:\Windows\System32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe Directory created: c:\program files\su84mu33c1-readme.txt
        Source: Sample_5fba9b06c7da400016eb6275.exeStatic PE information: section name: .axh
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009C30F8 pushfd ; ret
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: C:\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\program files\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\program files (x86)\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\recovery\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\program files (x86)\microsoft sql server\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\default\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\public\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\program files (x86)\microsoft sql server\110\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\default\desktop\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\default\documents\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\default\downloads\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\default\favorites\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\default\links\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\default\music\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\default\pictures\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\default\saved games\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\default\videos\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\3d objects\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\contacts\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\downloads\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\favorites\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\links\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\music\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\onedrive\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\pictures\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\recent\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\saved games\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\searches\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\videos\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\public\accountpictures\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\public\desktop\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\public\documents\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\public\downloads\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\public\libraries\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\public\music\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\public\pictures\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\public\videos\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\program files (x86)\microsoft sql server\110\shared\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\eegwxuhvug\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\eowrvpqccs\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\fenivhoikn\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\gigiytffyt\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\grxzdkkvdb\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\mxpxcvpdvn\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\pwccawlgre\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\qncycdfijj\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\uoojjozirh\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\vamydfpund\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\wkxewiotxi\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\desktop\ztgjilhxqb\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\eegwxuhvug\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\eowrvpqccs\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\fenivhoikn\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\gigiytffyt\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\grxzdkkvdb\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\mxpxcvpdvn\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\pwccawlgre\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\qncycdfijj\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\uoojjozirh\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\vamydfpund\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\wkxewiotxi\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\documents\ztgjilhxqb\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\favorites\links\su84mu33c1-readme.txt
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe File created: c:\users\user\pictures\camera roll\su84mu33c1-readme.txt

        Malware Analysis System Evasion:

        Contains functionality to detect sleep reduction / modifications
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe Code function: 0_2_009B595D
        Found evasive API chain (may stop execution after checking mutex)
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess
        Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe Evasive API call chain: GetPEB, DecisionNodes, Sleep
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B58B3 rdtsc
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: OpenSCManagerW,EnumServicesStatusExW,RtlGetLastWin32Error,CloseServiceHandle,CloseServiceHandle,EnumServicesStatusExW,OpenServiceW,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeWindow / User API: threadDelayed 10000
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe TID: 7024Thread sleep count: 10000 > 30
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeFile Volume queried: C:\ FullSizeInformation
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B53F1 GetSystemInfo,
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeAPI call chain: ExitProcess graph end node
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeProcess information queried: ProcessInformation
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B5083 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B5408 mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B494C HeapCreate,GetProcessHeap,
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeProcess token adjusted: Debug
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: OpenProcess,QueryFullProcessImageNameW,PathFindFileNameW, svchost.exe
        Source: unsecapp.exe, 0000000E.00000002.616569697.00000176D6E90000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
        Source: unsecapp.exe, 0000000E.00000002.616569697.00000176D6E90000.00000002.00000001.sdmpBinary or memory string: Progman
        Source: unsecapp.exe, 0000000E.00000002.616569697.00000176D6E90000.00000002.00000001.sdmpBinary or memory string: &Program Manager
        Source: unsecapp.exe, 0000000E.00000002.616569697.00000176D6E90000.00000002.00000001.sdmpBinary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B4C25 cpuid
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exeCode function: 0_2_009B5126 GetUserNameW,

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Replication Through Removable Media1Windows Management Instrumentation1Windows Service1Windows Service1Masquerading3Input Capture1Security Software Discovery12Replication Through Removable Media1Input Capture1Exfiltration Over Other Network MediumEncrypted Channel2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationData Encrypted for Impact1
        Default Accounts | Service Execution 1 | Boot or Logon Initialization Scripts | Process Injection 12 | Virtualization/Sandbox Evasion 1 | LSASS Memory | Virtualization/Sandbox Evasion 1 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Proxy 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | Native API 22 | Logon Script (Windows) | Logon Script (Windows) | Process Injection 12 | Security Account Manager | Process Discovery 3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Peripheral Device Discovery 11 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Account Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Owner/User Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Service Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue
        Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | File and Directory Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction
        Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Information Discovery 25 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label | Link
        Sample_5fba9b06c7da400016eb6275.exe | 90% | Virustotal | | Browse
        Sample_5fba9b06c7da400016eb6275.exe | 49% | Metadefender | | Browse
        Sample_5fba9b06c7da400016eb6275.exe | 86% | ReversingLabs | Win32.Ransomware.Sodinokibi |
        Sample_5fba9b06c7da400016eb6275.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
        Sample_5fba9b06c7da400016eb6275.exe | 100% | Joe Sandbox ML | |

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        Source | Detection | Scanner | Label | Link | Download
        0.0.Sample_5fba9b06c7da400016eb6275.exe.9b0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
        0.2.Sample_5fba9b06c7da400016eb6275.exe.9b0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File

        Domains

        No Antivirus matches

        URLs

        Source | Detection | Scanner | Label | Link
        http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A7014F8C2779026F | 0% | Avira URL Cloud | safe |
        http://decryptor.cc/ | 2% | Virustotal | | Browse
        http://decryptor.cc/ | 0% | Avira URL Cloud | safe |
        http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/ | 0% | Avira URL Cloud | safe |
        http://decryptor.cc/A7014F8C2779026F | 0% | Avira URL Cloud | safe |

        Domains and IPs

        Contacted Domains

        No contacted domains info

        URLs from Memory and Binaries

        Name | Source | Malicious | Antivirus Detection | Reputation
        http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A7014F8C2779026F | Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000002.577730714.0000000002B58000.00000004.00000040.sdmp, su84mu33c1-readme.txt19.0.dr | true | Avira URL Cloud: safe | unknown
        http://decryptor.cc/ | Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000003.524083890.0000000002B6F000.00000004.00000040.sdmp | false | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown
        http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/ | Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000003.524083890.0000000002B6F000.00000004.00000040.sdmp | true | Avira URL Cloud: safe | unknown
        http://decryptor.cc/A7014F8C2779026F | Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000002.577730714.0000000002B58000.00000004.00000040.sdmp, su84mu33c1-readme.txt19.0.dr | false | Avira URL Cloud: safe | unknown
        https://torproject.org/ | Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000002.577730714.0000000002B58000.00000004.00000040.sdmp, Sample_5fba9b06c7da400016eb6275.exe, 00000000.00000003.524083890.0000000002B6F000.00000004.00000040.sdmp, su84mu33c1-readme.txt19.0.dr | false | | high

          Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox Version:31.0.0 Red Diamond
          Analysis ID:326335
          Start date:03.12.2020
          Start time:10:02:31
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 5m 19s
          Hypervisor based Inspection enabled:false
          Report type:light
          Sample file name:Sample_5fba9b06c7da400016eb6275.exe
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:24
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal100.rans.evad.winEXE@2/207@0/0
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:
          • Successful, ratio: 98.2% (good quality ratio 94.3%)
          • Quality average: 87.1%
          • Quality standard deviation: 24.9%
          HCA Information:Failed
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          • Found application associated with file extension: .exe
          Warnings:
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, VSSVC.exe, svchost.exe, wuapihost.exe
          • Created / dropped Files have been reduced to 100
          • Report size getting too big, too many NtOpenKeyEx calls found.

          Simulations

          Behavior and APIs

          No simulations

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASN

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\Program Files (x86)\Microsoft SQL Server\110\Shared\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Reputation:low
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          The same file (identical process, size, entropy, hashes and preview to the su84mu33c1-readme.txt entry above) was also dropped at:
          C:\Program Files (x86)\Microsoft SQL Server\110\su84mu33c1-readme.txt
          C:\Program Files (x86)\Microsoft SQL Server\su84mu33c1-readme.txt
          C:\Program Files (x86)\su84mu33c1-readme.txt
          C:\Program Files\su84mu33c1-readme.txt
          C:\Recovery\su84mu33c1-readme.txt
          C:\Users\Default\Desktop\su84mu33c1-readme.txt
          C:\Users\Default\Documents\su84mu33c1-readme.txt
          C:\Users\Default\Downloads\su84mu33c1-readme.txt
          C:\Users\Default\Favorites\su84mu33c1-readme.txt
          C:\Users\Default\Links\su84mu33c1-readme.txt
          C:\Users\Default\Music\su84mu33c1-readme.txt
          C:\Users\Default\NTUSER.DAT.LOG1
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):57576
          Entropy (8bit):7.9967612790440015
          Encrypted:true
          SSDEEP:1536:vPdyaRoGas1a+D5xLSxQdaXafUNWw1DiOme6Z+b:McdzDLSydBwue6gb
          MD5:6DA85E5486469464AB62C13D8586F55C
          SHA1:F26B562A26D70C286574599C02EF629BCD9B223C
          SHA-256:C9CD37432616FEB68566448BD6D6705A0A6142266D7BAC384FE37CC1ABA5589D
          SHA-512:60345C22D5E2BBCC60E75B3ADF904371452250BC148F13621FB786523FA7856A06ACC6F9AAE3D539C80986DE902124B7B47317678118CDBB2F4F49D8E36FBDE7
          Malicious:false
          Reputation:low
          C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):65768
          Entropy (8bit):7.997488810750565
          Encrypted:true
          SSDEEP:1536:+haveFRMDA5sd8G1EIP+IQnffP6I11CDjKiy0SmaJfTMHgf6Y7W0A8H:+CeSW8RP+16I0XyLmc+MbAW
          MD5:140C67C7D00B1212B48BBF89FE090654
          SHA1:425C48C20E3EB6A5DAC564608B67E3F65F13E02E
          SHA-256:5BD3E511C7443B8AC8CC788D5463E95DD16131B3B00666544E954AC9C2AF02AB
          SHA-512:46E5559BEC176F68A166374F2CFAD3D3AD2B142CEAAD9C73C37E78BF38459B215105FD1E4A914B86668C44C047BDA48112469129CAF384937B40A2D1CBFFF3A8
          Malicious:false
          Reputation:low
          C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):524520
          Entropy (8bit):7.9996414441647055
          Encrypted:true
          SSDEEP:12288:OaK9Zq1wAAjS6IAkTwVy44J9Vk/08ObqzAHHNlGWwv5:Kw1wnjjkSeJ9i/0tbqkHHNgWwB
          MD5:7A35CD0AF3AB22B0D866F89843FAC8FF
          SHA1:33C9B852246034CDE75A57E89AABBEAEDFBFF193
          SHA-256:01214D0CA14625BD561F759C6BC8B27B25E1B07F55692CAB5AF1C14F44A141D4
          SHA-512:D5EBEBA8A0EC0823797B12994A37E7C6BA9908820DD99F60B0174A1E22946A396D8E8BF8314838DC3EFDEB0E21453186AB7BD814A5147795949F7AE1EC19307B
          Malicious:false
          Reputation:low
          C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):524520
          Entropy (8bit):7.999638362448107
          Encrypted:true
          SSDEEP:12288:x5ULCn3cOGhaejQNCrJ3VfNF+7Q5dd5VCDVfKgXyrYdvm8jzXmwt6W:x5U+d7NgJFP+k5b5qfVyrYdvmGzXmw0W
          MD5:3FC26A30052BCA80D7EBBDC2C68FF11C
          SHA1:3B5DE44E7D8BF8BA0222F666913D9E913FEDAEA4
          SHA-256:8BB6D3B8F214E8694D99D4CE9041AE49246F151BE4098E0D730F7D53EC1F12D2
          SHA-512:E41B10D360DC295FDF3F41E408512F09F52A2E1CDA4D3A292BF68010213CFB5DF225A5314B7F4A46B44643AB5483AD25EC89E52BA0962F2719E44B7B461484C6
          Malicious:false
          Reputation:low
          C:\Users\Default\Pictures\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Reputation:low
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          C:\Users\Default\Saved Games\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Reputation:low
          C:\Users\Default\Videos\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\Default\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\Public\AccountPictures\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\Public\Desktop\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\Public\Documents\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\Public\Downloads\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\Public\Libraries\RecordedTV.library-ms
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1231
          Entropy (8bit):7.873250538556591
          Encrypted:false
          SSDEEP:24:T4L07UNggZdgkZGjqcFbJZk7LD1bfNk9Hv52cyKx5q9qs8QQCvREXADn+zRH:TBKdgMMqSWfNk9h+Kx09rpQCvuu+lH
          MD5:96ED0430ABF8E6751122961B0401B64B
          SHA1:DE9F5A5FE2A1972A1D51E517E8614FA85196EBA6
          SHA-256:4A75F7DF381486FF662C1B342E5E769729D103BC65EAF1E003261504C744DCCF
          SHA-512:CA964E5F77A6B776A9361FB61FD6540D0B8D417E7A4F805FEF5A5DA08EAFA1CDD8B9BE25A9E27F8E82A2AE4F8D53289D6F23D5E33A186B6A603A9599C7C51B1A
          Malicious:false
          C:\Users\Public\Libraries\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\Public\Music\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\Public\Pictures\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\Public\Videos\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\Public\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\user\3D Objects\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\user\AppData\Local\Temp\xa288w44oi.bmp
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:PC bitmap, Windows 3.x format, 1280 x 1024 x 32
          Category:dropped
          Size (bytes):5242934
          Entropy (8bit):5.58128370800569
          Encrypted:false
          SSDEEP:49152:Jbi7aDgY5uwMTQwa9LndLgwxKjvkmAdI0Lof1L083Z9juZ1:AAnLgwQNzfNs1
          MD5:0AD214961CB58BAAC27374BCB0E0F564
          SHA1:CC4E47C4CF146566E7508ABC0360D96CDF695A6C
          SHA-256:9C4BE9FB90DB1AEF7271C2CBA2B466C76D2ABC7B6B77FAABFFA4F05445586DD0
          SHA-512:F86085AC5C20B58D8B4BB450F3066250119998A90D2953C7B40750F2B5CB2D05923D57FCBD33A60D2751F0EC96D71B803487054832A685C87F02BE04CA65AE11
          Malicious:false
          C:\Users\user\Contacts\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\user\Desktop\CURQNKVOIX.xlsx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.84347141248344
          Encrypted:false
          SSDEEP:24:Dn5/1DIZtmNNJa5DptAFhy3eUC/nx90Hdu5Ni/EBMuJRN9nTDB8WzelXADn+zi3j:DnbN0+lQHdsp7N9nHou+Cj
          MD5:A7AD101B29D7135F454A791CEC428A8D
          SHA1:A2F8A6A6DAFB23916AE156D75B55A20659FE588F
          SHA-256:85AD56CBC03C7EF61559DBEA5313128EAF185EDB7493CA79B9F45274B115FD6D
          SHA-512:4C53D46B9DFF14D53641B52AFCA94AF83E5A81326721BD65D2F98D7A2A29739A63B84AB608CE38B0C609B6C8CCFC3FDC2781AD2A06AD5F3ABE639026E034EAEA
          Malicious:false
          C:\Users\user\Desktop\EEGWXUHVUG\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\user\Desktop\EOWRVPQCCS\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\user\Desktop\FENIVHOIKN.docx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.862731619905376
          Encrypted:false
          SSDEEP:24:bQ6ZKUjnYusuvYlMbKnIGnOtsuLV7RVpriEe06lCpXADn+z9P:XJ/5vYebKnIGnOtsUVls0WGu+BP
          MD5:BA41FA871464041EF5F3DA922C8B973A
          SHA1:BC40D7ACA461EA074179698632EE3907E90D2E9B
          SHA-256:F85EA44817DE6877C79703CDCF4DC766D89429DEAA831E2E5D6076D2D3B75FFC
          SHA-512:9D45860CFFC535597547C8C7BD04A8D937F0B4AE8D62CDE6CEBD5FF40F2310447397F695465EABDE73375B2CE1FB470044ED8F40015338AC130C2B17CBBD9680
          Malicious:false
          C:\Users\user\Desktop\FENIVHOIKN\CURQNKVOIX.xlsx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.839271363073904
          Encrypted:false
          SSDEEP:24:q/+5ohdPz20+lzAwYgBkcslzVzGGuXiJLyiTHXADn+zDBZIU:Q+MPzelzw9fzGVuT3u+J7
          MD5:6B3CF79188192A79CB78E6502FCF4533
          SHA1:FD2F8DF891063D60E397D88815EABB8372FE40D7
          SHA-256:19E8B6B0A8298C6AE267DADE16B36DD1728E4EAED411D82232DD6B33D9E801BB
          SHA-512:7B0B4AF17AAD8018DED19660DD81373066021C9B1225148137B93CC825D6F7571E0218A86D595E6367071BA0859E59CD80AB423480A7290170DA3C01E7B4C3FA
          Malicious:false
          C:\Users\user\Desktop\FENIVHOIKN\FENIVHOIKN.docx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.85234148339743
          Encrypted:false
          SSDEEP:24:shQRaJmnvx3Ltg0SCJ3+7982HQqFeOKn9lKCXHOL7NkPA9O8ZksGFsPZ5whXADnD:shSJHB29CqF0fJO3GP75bsYlu+6
          MD5:18078FE691E9169514338BF71EC7E4B4
          SHA1:9098E5D6AAE72356B7C996A9685AA666BF4D21BD
          SHA-256:5F9CDBE4402A50947A5AAAFCDBB84F493D386C6530DC9E13002F4FE2F6735B0E
          SHA-512:DE07845738CFC33DD8B300F780E0E7FA3E5850496C4B95B3EA520EF8CA75D9F8E4C69F5D28B84860788771BDEF7FAF8514B70EDDE60215A049F5F35E6D8E3CE1
          Malicious:false
          C:\Users\user\Desktop\FENIVHOIKN\SQRKHNBNYN.mp3
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.840121481125133
          Encrypted:false
          SSDEEP:24:ZtQZlpuJb53oNwWNe/4RbX+WEhHWjCFBmY8Q+C2qaBGbYZoyZr9faDrxavTyVvT+:ZtQxuJb53YwWMARD+WSBmYurZoyZd2r4
          MD5:3B8B464C4634EC856CA99CCA70AD54DF
          SHA1:EFEC8C546092B8B67DDA1875CB31A0CCA07C6823
          SHA-256:16BB854D772AF4FB6A4FC17696308B788D27C29E85AB9A1F3771A5CA768A683F
          SHA-512:8BB914E63AB0501753E9168BFDE4861E6B8F0ACD3D6C38BC65E593CE2A935B532268053614E8DC37C0DB87BC20643F071CAC737E536AA90515EC33F66CB6EA0B
          Malicious:false
          C:\Users\user\Desktop\FENIVHOIKN\VAMYDFPUND.png
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.838923952720435
          Encrypted:false
          SSDEEP:24:yB6j1HLcQgQr5Ch/ZtsavtNYMSoXR3vKSeGbW8zgz4f0kMJBeN9XADn+z+06n:yOebtZTzR/0G5kzqzMKHu+K06n
          MD5:1CE81665EA6324F29A3C96DB34E7349D
          SHA1:5371CB9867DAAB95E09A814ECA833708270A6333
          SHA-256:73A56EB4620A9E96CA313BD42CB3495FDEAF44FB4A1410F26D38767628713CF0
          SHA-512:BAEC8F9C5F6186473EDEB3B6599609E5F3AEC6FFC8466BE12518D0B5B0EFFA4A8EE6EBAFA2BA415E34420C07B06B7F4CA40BA1460048C530520EAF7138B67D6D
          Malicious:false
          C:\Users\user\Desktop\FENIVHOIKN\WKXEWIOTXI.pdf
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.852058669848622
          Encrypted:false
          SSDEEP:24:QU6hIVdQFRiAWvHyKvugYUPc6Y/5jcoZfS6fXADn+zZ1:5NV6iAWvHn2xUPc6q5j7ZRfu+T
          MD5:763A5EB82623A416DD9652E4492939C2
          SHA1:E63511C903086273AE8BA6C8F4753A0DAE984680
          SHA-256:801DFDFAD354C8B923582E47A3067C60BEE3667B1EC9227D6DF40C69F13BD3A9
          SHA-512:E31D81FFC01976099EB08761B169230E2079229611BB6171F1BDE7D4519C1FC678B21AB8249110C674DC2402156A4BA91B55275ABD2B9811E9B432388BEAC69D
          Malicious:false
          C:\Users\user\Desktop\FENIVHOIKN\ZTGJILHXQB.jpg
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.832268435127478
          Encrypted:false
          SSDEEP:24:ykc7X770XplZpSSv6GIyLUCrUXGVKZxOaozXADn+zCZK:yksX7MplttIyYrGVKZHUu+eg
          MD5:BE1B43067B4638785713A9A4BA436001
          SHA1:1AE32D3D4EEE8183C878F4E868BF73832DF073E5
          SHA-256:9C64D996F4E58208F146D85B5969565E020893D74EDDE108ACAF32501A2FA067
          SHA-512:BF1893F7F881AA93C5A6AD9CFB700EAFD942F9529A6B5739ECEF8844BB81BD56EACFA4C8ABC0DB2BC38E2F907EB2CAD1EEF9FBF6D9522E02C8CC03865FFCCEC2
          Malicious:false
          C:\Users\user\Desktop\FENIVHOIKN\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\user\Desktop\GIGIYTFFYT\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\user\Desktop\GRXZDKKVDB.mp3
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.839986346856209
          Encrypted:false
          SSDEEP:24:C68BynI5WCAZoqq6C4K8u51A+//9JiZhiD+bh8svDcxMMXADn+zxVyQu:KgTZoR6CCy1AAshM+bh8svQMcu+U
          MD5:798F28CBAD7987AA41ECFDE3144A3215
          SHA1:FD250AE6BA5DDF6D3316D7071C1317C425318D41
          SHA-256:E00FB8553CE588711C7D1771F8765667EE24FA2DD424B482FAE7797DD6BFA406
          SHA-512:B97D5911DD903B48F1348EE5EF1D4B85A035810755905173A9963E6CA2AD2A1CB10D44278B2E1075AAC50DA7E9BBEC6650EFE2DC0D0C1E19723B6D2FD32AD56B
          Malicious:false
          C:\Users\user\Desktop\GRXZDKKVDB\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\user\Desktop\IPKGELNTQY.pdf
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.844964817865042
          Encrypted:false
          SSDEEP:24:Ix9BJTc9kvgPbNlTmXBNfFUGk2ib5gGbB+u2XADn+zkyQ:IxLBako5l6XBtFK24bBwu+AH
          MD5:3623899307A1093E87BF0BB7A4B53A55
          SHA1:9AF384BA4A2714E746DBBA6BD8C62B6932B1EA85
          SHA-256:A6B4F8231E0535085F7C9514279082064F6D38AA66C8BFCCA3990FF7968DD7DC
          SHA-512:07D1D52F715724AF3BEF3249901D1BD545910BD0287CFFE34432E939637EA4B3725F66CC43D6FFAD1633318D8072648FBC745513EEB3823A40EEB5590ABDC80A
          Malicious:false
          C:\Users\user\Desktop\MXPXCVPDVN\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          C:\Users\user\Desktop\NEBFQQYWPS.png
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.844193018773982
          Encrypted:false
          SSDEEP:24:2rZ+RffmzdCn2qz4scTi5ywNCv60XrIe0pvDkTgOBJSJXADn+zMO1Y:ko4Cn29scW5ZCXrzZZeu+r1Y
          MD5:0C8A4BED8065D32B14E49B2ADE05E778
          SHA1:5C205464F50A52FE0A52D98707DD5DAA182BF7DA
          SHA-256:4C08266ECBC4B829A812827E00A334F1DB0A92F134B0BEB4300218F184EF2608
          SHA-512:1FDF724A263C7BAB1B2AFD0DFECD9EF742A2269459037A80F0552B1F3D4FFAED7398CED8E2CDE79AC8194923BB851D6F0D9A2D2DD7A6509CC02D5E86C2B931AE
          Malicious:false
          C:\Users\user\Desktop\PIVFAGEAAV.mp3
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.852919673243158
          Encrypted:false
          SSDEEP:24:pnp0Uc13OQatCpvBicW/fRcNxMHK7jn+iCe24wZ4XNQ5H2MEu2pXADn+zpp:pn+UtAl6Rc3njtVmq25WME1u+j
          MD5:F5F483D940962927282A44C18AAD30A9
          SHA1:006AA6D47AFC2C3CE1A3D1CC1E6AFBA47516C756
          SHA-256:B24427FA9126E49039C3D014EF968C180D74A316D051ABBE24D5D914CABD5739
          SHA-512:8F905B13E7B2E28648F9988DF10135150423D095A9CD1CB71E503960FE514874792CD6E0F4A052868D4F59901ADF103532CE4E7CCD5118BAB725CEBBE6065324
          Malicious:false
          C:\Users\user\Desktop\PWCCAWLGRE.jpg
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.845358229379643
          Encrypted:false
          SSDEEP:24:L5GXHW0uxYglchnZroRnespgx4XADn+zZ:wg2hnyRnestu+9
          MD5:B0A4FD2CC15598E584EEF0147A06C042
          SHA1:4020EFFCACBFBB4DB98D97A81DC36B2D2447FF5E
          SHA-256:27B365FA167018958BF1417207F221CD77441D8A11D0FA757E4B32FA0907131D
          SHA-512:FE1F628772FB063D584CDF42FA51B857C43BA20A0DAEE53BD6E44F3F7A095EE5BCFFA84A33A3B9FDC60F510A5ADDD6E5DD5E5AF635AB61103DE654B6674F76E6
          Malicious:true
          C:\Users\user\Desktop\PWCCAWLGRE\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          C:\Users\user\Desktop\QCFWYSKMHA.png
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.875238228486163
          Encrypted:false
          SSDEEP:24:F+08rdiwTCrPiRNTQ9JDs95otfXza2EAerJ1h5XADn+zMU4:38hMrP0NiDsQthEAet1nu+Iv
          MD5:AB33E7CD149A433DC875E5F807B6F83E
          SHA1:D0A7F1E66346D442B8389AA177AAB70405D1F2A9
          SHA-256:8AD2962DDC26F061FE2522E4BE4961ADBD73DD3243F57FC2776435F219CAC1CD
          SHA-512:FEE22EA28E18CBE3739F00774F6740A60FF7355F180B1EA82916F13B6CC7CBAEBEBA0FC3D3CDC7CAD837AE9E58C6BEE119D3F27C470A32E6FB061E7A8CABFC34
          Malicious:false
          C:\Users\user\Desktop\QNCYCDFIJJ\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          C:\Users\user\Desktop\SFPUSAFIOL.jpg
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.8462724480384844
          Encrypted:false
          SSDEEP:24:JvN2PN/7qvSOMHSJQj7uLnqRbHcDS9Dgjs/XADn+ztgrO:Jv8PNzq6fqQjjRb8wGUu+pkO
          MD5:1A2336EB8C69254CF9C753BAB84D1D52
          SHA1:9566CBDFEB607B9B9E4C103B6B18A3A62BE2408C
          SHA-256:39E7F00F8EC3C9E7DE7E0F1C2814F940BC1FAAC25DB80AF5C20825CEFD005392
          SHA-512:8198014E32997CCD5CD51FCAE07833AAC9F2AADACF037FDD1032306807340A159177B13AA186DEEEEF40A4A4EE4AB07637687AFD8219CD3720BD9D55BB2AD917
          Malicious:false
          C:\Users\user\Desktop\SFPUSAFIOL.xlsx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.828719984393646
          Encrypted:false
          SSDEEP:24:T1uf7CUs+OC81i31yBu4d5hPrkaMiBcdNV+DTBEs93KF5HXADn+z4ZYj:0f7CUsVLQ0Bu6n43GcdNzGKFlu+sZO
          MD5:39FC0497CBCBCA919EC449C4647FAD66
          SHA1:A628B8A8E32E31615C1E0F3E63CAFF2355633F50
          SHA-256:800F2BED6551EC7A3D33DF74E25A1200337C1635F9CEDE73866AB83BEE0C1A4D
          SHA-512:8191FF2E5C37980DC5514CD80686DA581B637F61E52CCA3EB36618DE123D6A7FEA0FA4207E8B3E7D97A8ED599EBAEF36AC3F7E91053FEC9456B8DBE060B6A85D
          Malicious:false
          C:\Users\user\Desktop\SQRKHNBNYN.mp3
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.839612869093501
          Encrypted:false
          SSDEEP:24:GU/zyFnCcrZCAOfmMdrpDvBlnqXDSuH/cVOxWRoy89qHXADn+zfhr:GU/2CcFCAar5Jlib/4OxWnsyu+jJ
          MD5:BB7E261BD79C6C6E201375D59E1440C4
          SHA1:0472B27D1685456515E70E3CBA88B751998203A0
          SHA-256:99AFC292D11CE8BC1C52812BD7D917811F5744782CA42CD758A81210555487A7
          SHA-512:0AF2E8AE8E64E2E15A153AC7150DA89352E7257D14CB6F0EAE54B38DD185554CB4AB50E4BE2712D6CFAC48DA388DA3B357DF505A7242CCC76E4A2A20961857AE
          Malicious:false
          C:\Users\user\Desktop\SQSJKEBWDT.png
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.826010945098069
          Encrypted:false
          SSDEEP:24:8yrMK0qhVx+OVAFywQ4gokusFW3BvkAi0DFSpC28eqrJoz+KUyl+EY2XADn+zW3:vrMK/NVQywQxoEFMvNiM99N/yl+Yu+K3
          MD5:E897EBC1B148A4C5ED28573673799296
          SHA1:4D9E71A2AEC9F99B3A87C84F4FC04707D6543357
          SHA-256:48E276D9973A647CC44FEB15B31DC3880BB036EF799350C81B5CDBA662283A3B
          SHA-512:FDB4B92B193DDBBC33C556BDB577E416E81D987E16B83C7DCBE0504483C46479651957B3B1F7BD2894526AC9182B6B55D19DEA13CE2AEBC214688C5979BB2287
          Malicious:false
          C:\Users\user\Desktop\UOOJJOZIRH.pdf
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.848102572216207
          Encrypted:false
          SSDEEP:24:NV52AgNKAaX7alOpQT8Q8yD8x17XFnRpc3lKtHPHXADn+zN6fl:NV52ASy7SOKTMyD8PXFRpcI3u+p6t
          MD5:6BF7190EBD6376ACB78BF3DBA1C2042E
          SHA1:F8F3519A3ABA8D547D402D24966D5C05D8E9B503
          SHA-256:13C909E8C4A6285D2922FA3F29F0FE810B934D7508BE5DEFFEE5E6D70A958619
          SHA-512:CEA757CD5356CB07159154C387BE190C32CEA299B70CC70AC5D95382A83DF68197FF8D66D797BE3A6B3E57BD2E2A177010054478630FF556B8AF537F6300624F
          Malicious:false
          C:\Users\user\Desktop\UOOJJOZIRH.xlsx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.824754931739691
          Encrypted:false
          SSDEEP:24:KnrdMC57+wIdniXhqNoiOg7p3BpfFjLI+W/7rCn6PuDDflXADn+z9K8:ydMY1IiRw7px/w+cr46PuDDfRu+Zf
          MD5:7C115EE12078ECA32407AB5EB5870BF6
          SHA1:994EA32900871DD514D822010209438E3AF77C6E
          SHA-256:5D3A8A48AACB912E862C9D576D448BC7190711217C5C1BD6EE0B6DB0AD90F002
          SHA-512:746F879DD450C7AD421666208B1A7CA4491D72F39BBF014D7ACD8C8AE01A86783190D4FC5F459E6A54AB50E8E4F459017496AA756695BB8EBB1F2C07A5DAEAEF
          Malicious:true
          C:\Users\user\Desktop\UOOJJOZIRH\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          C:\Users\user\Desktop\VAMYDFPUND.docx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.848977833322646
          Encrypted:false
          SSDEEP:24:y3zLlvlkCqlr70Z0DjFIVQK8luwvMghT5Abe+XADn+z0:yFv+C4ZDjFIVQK8luwvBeeiu+w
          MD5:4DE5CE7D22C863E5FE85AE736DD85596
          SHA1:C4F9F7B1DFE70D13811462980A86476CD575218C
          SHA-256:6EF8146F5039BBA07D4D28B22B79567258F707EE061443EA2810C5E144047F40
          SHA-512:175FF8B5F70E6E8A43F52163AAE09821E1E489FD6E2BE02E12F2CEB4C48401A9BB353EC89BFC56F4EB283007765F7D6D5B8E91A2B816D291FD6C695E79268D9A
          Malicious:false
          C:\Users\user\Desktop\VAMYDFPUND.png
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.826502793750154
          Encrypted:false
          SSDEEP:24:kEfzr/YBZsr2HFrFc2atxaGtR3IGzicQmXADn+zE6GrA:kUzr4g2jZatPRXecQau+xGrA
          MD5:DDA7DBCE977F645F09FC68C9615AEBFD
          SHA1:653366BA45928AA81BE834DA70C0BCF1FBCCB35F
          SHA-256:AAEE8F098350A0C04235CF88FD7249424328875273F45E7AF077DDE4A7364529
          SHA-512:8810B9A40698EB398A1A199488D0DBF8D4517E68E5D4D4219E7E414BB7B0EB339AE525895CF127C500800C080D98AC012722EA75286D52E39DE7047D3E3118C8
          Malicious:false
          C:\Users\user\Desktop\VAMYDFPUND.xlsx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.829322670866774
          Encrypted:false
          SSDEEP:24:zbBLTE1h7a54Fydup/mejKk0vMXHyHoWbCv1VIQ3f2aLXADn+zYL:zbBQe05eWUDHoWboIGftu+2
          MD5:69CD774757F79A29F46D8E8DD2454CA9
          SHA1:A6D6BF74BF86357A2ADADCB0B2271475B7DAFC5D
          SHA-256:C29AFA8392358410C1F7CEC48284E20899E525A43B8B231F82FFB550931F5BA1
          SHA-512:B4F45D33631CB4D21D1CF1A923A765BA17180DE01ABF794963A0BEA7516FC9598595CE665ECED098267341223E8CFF88A1EA2D51B4F87F8C8732FA5F680AED6C
          Malicious:false
          C:\Users\user\Desktop\VAMYDFPUND\GRXZDKKVDB.mp3
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.845561965928946
          Encrypted:false
          SSDEEP:24:xMyFMAjxvTMNEwXlj6VJArLjlk80NoNSqtscPPvXADn+zAEWg/w:KbAj5TMNXu80g/PPu+cuw
          MD5:70035DBE015930D3F4A09839B1389017
          SHA1:4F1AABB2AAB4FF8D195B1FD0419974F348298F3B
          SHA-256:B810D14304837B0A9C39CFCD24365B737F9DF45D7EA23EF0146E6FBEBF9EF308
          SHA-512:E76B223A165684015D17F406BDA92250D8169EE3798C06D100CA17A4CA4EF1B2598DCE3C95760EE96F88D3290B7C77081622DCD7AC60EF577090A1A78EFA05F3
          Malicious:false
          C:\Users\user\Desktop\VAMYDFPUND\PWCCAWLGRE.jpg
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.8530730063494
          Encrypted:false
          SSDEEP:24:WtcLqoUHUHNHVsfkPQlq52FeeVUBeLGitXADn+zdp:WtcDUYBVMkIq2F3UB6bpu+5p
          MD5:9250C7C695E0ED75CE425C15075E1AF9
          SHA1:2ED96BD607AC5E2BEEE3EA5D896D40C3D002057C
          SHA-256:EF8420A78C5EC8CB39BD6337EBE8CD3DC9B4B1A4E9E29E851A9DFA40CAA0C631
          SHA-512:41B868556315269EB372704D3B647B011EBE1829F9262B678FA5BAC7D5A273FF960EF3DB453EC6CC1A55A644E72F1CF8C98A8FE23F6528F6E66AF9B939BA0422
          Malicious:false
          C:\Users\user\Desktop\VAMYDFPUND\SFPUSAFIOL.xlsx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.835300424053646
          Encrypted:false
          SSDEEP:24:1IwGlCn3fOejqgKQ5cMestmz5/zN3/mPdkKamI0OKaDIXADn+zDWnN:1IB63ljbKIxmz5/zN3ePOKO0Qwu+PgN
          MD5:5DECDD68EB392CEBC18782C8E18CE3F6
          SHA1:7F5462B5926172074BA8345A4437B9168C14A6CE
          SHA-256:C4B334ECAD0B9D81B66A8091ADED16223C53472997AD7F64EA18633A06BBE862
          SHA-512:D9E7845244D567533789104CC7C1C59FA9C90DE493A23283F67D35CEA80C8A51F81BE7F46FF585C4B127E6466113B93C52774308F19C926F83844F977BA867EC
          Malicious:false
          C:\Users\user\Desktop\VAMYDFPUND\SQSJKEBWDT.png
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.855168607015851
          Encrypted:false
          SSDEEP:24:EZgLNKI83N7m+VkLW2yUwXEA4rRFwq1sKbLs1jF/BXADn+zFN:fKIIrVkLah0hRFrLs1jJFu+n
          MD5:6A7926C0E31ACA4AC9D318B4BB4BB234
          SHA1:BEDB0798CFE1D6B73183D9E2277BC3B29F4E5D8B
          SHA-256:E317F025CAD79585ACD88AC62AF0CAD9FF40BE9BD7B0F91B9555DFF4EFD6A32E
          SHA-512:5B9C0BDCD79862AE2273E016640F7C706B0C065DDE3315001EA1DA32B7BF216ED187D9758C83292DFFE33AAF3962C631B770D1EAB292BBC99B314CBA11239537
          Malicious:false
          C:\Users\user\Desktop\VAMYDFPUND\VAMYDFPUND.docx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.836184922072691
          Encrypted:false
          SSDEEP:24:Q5Vpk06syn4vxkhjP9vmqAW/Z48mKCX9u2BksULUiXADn+zYOzr:QCUvxE1vOO4821BkskU+u+ca
          MD5:A8F9240E136004AB585E7D9A44409B76
          SHA1:212B0A68ED33E8292B7F8BE9BEC01F74005B45CA
          SHA-256:5EFA51FE811DE0EE04344515DF70A5A99BC5C5BAAE60DB141959FF7A9055F0C5
          SHA-512:328DF4917AAC604E9CF241DF99869FEBCF052A889DC90430C59012F8B140B2A7454E7569BBBD93F092DAD591FBF6C7086B00E6B1E96A8CF0B3AB4E940A229B2E
          Malicious:false
          C:\Users\user\Desktop\VAMYDFPUND\ZQIXMVQGAH.pdf
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.8554823606673265
          Encrypted:false
          SSDEEP:24:GmnpS+3D80A4l+MGQIgpr+tjkHImTS/LgNlcylgTXADn+z7nGpn:7nprXlBGPsr+ZkU0Ndlg7u+HGpn
          MD5:BE808413B22E01E30C03FE9D5B49695E
          SHA1:2816F75304B0EA2F8BB33A8F4C8A7EF4FE542768
          SHA-256:63F010D5A6EB9CE5458B0263A566991D9EB03B0546B577DD511500FB5DE0273E
          SHA-512:D0B696C0E2C6B662824B1DA65D21B05D18CA5B3C12269924DD64E149C59D96F401828149DCF657CAABCDB9BFFEAC321DC0B3D51C8A8DC65761693A2E441CD8CE
          Malicious:false
          C:\Users\user\Desktop\VAMYDFPUND\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          C:\Users\user\Desktop\WKXEWIOTXI.docx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.828783409135878
          Encrypted:false
          SSDEEP:24:WM1W6iicwKMk44iQEPdBQnSsyqs2t0GryzriyLXADn+zjr4kqb:1W0f4jpSs5JrSeGu+f1Y
          MD5:54E387E1D99C7E3360702A85742CF36A
          SHA1:87C27D5D10E6506A9DB0B29010A63787ACCC66FE
          SHA-256:60E733EEEA0C650550B32E62C3736725835950E7D5611A08713E6702D5F14321
          SHA-512:B1CBBB54E9C61E2782AD6372F971EC842EF216458E94B29DCF58E799F0B05C4B6433961BB1C062E77D9FA9941A053463BDC5F2A0648F8B44A464F24D6E7F4212
          Malicious:false
          C:\Users\user\Desktop\WKXEWIOTXI.pdf
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.828336922622897
          Encrypted:false
          SSDEEP:24:Yt8rcgE3D1mT+uoMQS9SZByJie4ZiMkNhT4pqxk3hYWTI5AHQFYiviswORXADn+X:TrARuoQ9SZZe4ZiMkNtOhnVH/IFwO1ua
          MD5:E53362AB7EEBCF8FBC23E46E26CA76DD
          SHA1:A845913A24FFD23561D0B565C430DB1E7DC8C2DF
          SHA-256:EEBF082A66EAC8FE27F9C4849E563152BA957691F7DC7E38DF87F5CA078596AB
          SHA-512:ABBDF1B850FEC62D44A5000C896EFB0CB6DCAAA92E8433ADAA691CCB3EBD59530D7868867227D18273EC4318BA2455DA46113828437879F69F0442359E7842D2
          Malicious:false
          C:\Users\user\Desktop\WKXEWIOTXI\NEBFQQYWPS.png
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.835317660470376
          Encrypted:false
          SSDEEP:24:3/dagh/6FWn8V7FYF8FvCf+CdXv2Wy8BwadNbe5hJNS6xn0aQVcyHuXADn+zLb:Pdt8VxcMvCmeXv2Wy8BfdNbeHRHAcyHU
          MD5:C791ECF5EBD6A5C938F3B377C1EAAB68
          SHA1:7B4D4006F0E70E0437754EBE38FFD3A663EC2FF2
          SHA-256:9C5218721D4CF25E130F6FC9026EF07453BE9F0C5A51F202AB2D5B26B91D71E9
          SHA-512:47CF822E217FB93758780E58B8A328CB9AC6B418989D09AFC727BF6BBA907A0C9849B6A75F0CF87B3206D51D41B6968C70E9FADA469089CEE1371722CAF36A3A
          Malicious:false
          C:\Users\user\Desktop\WKXEWIOTXI\SFPUSAFIOL.jpg
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.831209809369885
          Encrypted:false
          SSDEEP:24:brvq4X17GqW5qreiymvBqen1y46sdC3n/RrL92psVXADn+zJO:HxUf5QaYqkdzmrx2pshu+k
          MD5:1EFA103B274CFF68E991BE20E000FEBF
          SHA1:9C25C85E5DACDBC7E776832818F27485DBF28805
          SHA-256:420E0E3FED61670F317DA16B380E62AC5EFAE4AE50A3685918CFD6E6DA5F557F
          SHA-512:7661B2C81ECE1D7C3E08D65BDB38253CC1886BF20E8BADEC927A62716CE5521F1A5619B34679027DE96A2BBF38005CACD325B4BB5F0804374C9C583800B3957D
          Malicious:false
          C:\Users\user\Desktop\WKXEWIOTXI\UOOJJOZIRH.pdf
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.851717017472232
          Encrypted:false
          SSDEEP:24:yUnFla79r3z5pd8jcaI01LCheS2s6LBnTUt+PyzXlyiumXr7XA1AdWsXADn+zbk2:y805Dh8jc2TS2vyZPTXf+8u+Xk2
          MD5:8A8514BF35B33371C92173139E321E3E
          SHA1:35CD53FD74BBEF82F0A524FD9122639C519BED86
          SHA-256:098709ED272D62D375156F8E54DDF7D34B1CA424F043D4884CFA6A7CD90C5BD3
          SHA-512:A1CBBD1BD87D28A5522F1D6FD9CDEF77AE9CD33E754D74D45614F2A9CD63D0AE460E5E1A533839A58377FCAB4A0B625A0F8A32C0059F59470B1B3382FC97C1A1
          Malicious:false
          C:\Users\user\Desktop\WKXEWIOTXI\VAMYDFPUND.xlsx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.854449523299915
          Encrypted:false
          SSDEEP:24:DUUeRH206i0czoX63zFThcFW2dxbK91vGEYni+ToWXADn+zS:DURH206DcUm/cFW86bgoqu+G
          MD5:5CAE2C6EAA00A512B4451C1939818EE7
          SHA1:10178BBAA7259E96A08ECC328304C56C5FABF86F
          SHA-256:05CFF0B72FE698684BF9794623CE8C70AE8B0BFDC1B600792FDC64E93611B324
          SHA-512:3260EA1B4E1A26A87B2CEBBD779D80E72588E2E9A93EE7436BCCCB6EB2ACEF7831611CCDCE246D3B244DEE05D3A5E1679CF2254B11E9F2798DEA6467D7C2DB17
          Malicious:false
          C:\Users\user\Desktop\WKXEWIOTXI\WKXEWIOTXI.docx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.854232788573278
          Encrypted:false
          SSDEEP:24:r1EYcsJt+u7hNbPR0UX8nLotN8nxNSTQfZ6vzigjmICujpXADn+ztxN:rSQJt++PlvX8Lu8nSsIvvCuZu+p
          MD5:7394DD4398D359E98F09572F58FA1B78
          SHA1:B6A6582A7EAE88C4AC2639B784DECE2C090E8941
          SHA-256:7F83896DE8BFF90AD01B05A73143E88543D4DDF7C08A33FDD4A5A530D64058C7
          SHA-512:C806A4204A6EBF5A77A52ABE563700663A67660FC0E7C2709B0E0F376E36C3EB6F353ADCDA2D8C404F3ABBED2D3DA7A27FAA59AB30CB0C3E7D100FD92389D5B4
          Malicious:false
          C:\Users\user\Desktop\WKXEWIOTXI\ZQIXMVQGAH.mp3
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.849660825393839
          Encrypted:false
          SSDEEP:24:+iwqGTqczabd9VBd3jV7lYX5ET9TGSj/jsJRe2s96d2uY4BMYiUpXADn+zhyIn:wg9Fj25I9TbsJR49JH4Digu+Bn
          MD5:4DA612F44E78C2A0D0C5E468066E8220
          SHA1:0D6841716BE95DB1DEC9D4D7D80E986BA4AFCE9E
          SHA-256:9AE7C1CF4E1D11183C78AB93DFB76EF1CB871248CCFEA66A7FEDDAB37B6EADD1
          SHA-512:1F15DF77866A8DAFA72BFC698675BD5D798DF601FEC18EEB915700824E627FDDB17F84B2CAFFB47256B4857F63938F780EEC3CE004B9FFCE1D5B3EA2627E31BF
          Malicious:false
          C:\Users\user\Desktop\WKXEWIOTXI\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          C:\Users\user\Desktop\ZQIXMVQGAH.jpg
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.856462513464044
          Encrypted:false
          SSDEEP:24:vKZJWWY60znUeNgyAUcNTaaMpUldcZchtxp1O//GMDrnJXADn+zsZk:4JWWY60zUeNluTfMIfRp1kG6u+Ya
          MD5:BE74EC45614134149B6F9B457C57C4F6
          SHA1:04F6FBB8A75F87328B6CDB7E3FEA5A4BE0FA1181
          SHA-256:A3C61BE50BC97B3FDF6C65173649A0C4586267619522632F9E818357794644D3
          SHA-512:DE762ACD1C9A3365B6B1B6424EDE98828EECBB01D1D8D20ECBC7185733535FDF2632CCD49D2FD252500B8436FB86EE06D3D95EF7B0AE456AE3D3EC027608CB9E
          Malicious:false
          C:\Users\user\Desktop\ZQIXMVQGAH.mp3
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.840953421603471
          Encrypted:false
          SSDEEP:24:oO3iSndLf+DLWYkeQcIfNaQ7+kUbi+mVL4rCYlotkbnpXCXADn+zX:oodLyceQvE7kUqB4rCjSbnpXeu+j
          MD5:C79782FB7A83B392132FF5DDCB734511
          SHA1:3D69E2B6AC041D1A216A908852AB03BD584C0325
          SHA-256:E9005C1FC1716CBF0BC9827F2367802E96EEBA902CB305788549F495C27AA8C0
          SHA-512:ECF24C17F5F09D5BECEDAB38CC6A29A4E58F9DF6CD276EF3700656656A89C9101FDF2204F4936FB30C93B3EF11F4D0998C4103FE8C1BC57A8B579F32F6437EB7
          Malicious:false
          C:\Users\user\Desktop\ZQIXMVQGAH.pdf
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.8367714203235925
          Encrypted:false
          SSDEEP:24:7nhjYaW+lyplHWkOcVc9hnk0RQ0eTcowrv2bWwr0b10LTcKXADn+zbB:7n9YaW+lkWkO3/nk0RJe4oDJ0h0ju+/B
          MD5:34B8EB547D04E4E7F7F30901434618E3
          SHA1:AE00AE6ADF718F511B4674ADCDF3FC9A7EFB2D88
          SHA-256:A525A5AA38C266DE0389EA9621CDFE8A4756AFE3925A3DBF02F0D453DC51CEF9
          SHA-512:D7A5263DD228C01ABB36E902BC5FAA3FD861302F2A32C34F5E55CD31EDB890CA837E6EC580B3BE53383F82292EE409B1991B6C43F8F104567364148C7A815D19
          Malicious:false
          C:\Users\user\Desktop\ZTGJILHXQB.docx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.843480389886071
          Encrypted:false
          SSDEEP:24:z/FQle5mrMhXJifYAJ7OGmHnt/6SQHNcFrBsgsSPo98gdpyjnHkACsSbXADn+zRn:bul1AhcgAsGYtjfFP2NpyjnEACsSTu+F
          MD5:B1DAF9D6C8197B9BCE19E16C16818748
          SHA1:2D288846930A223C07BC9C5A32E39662C9860543
          SHA-256:D42A6FD91535B3D6E41EB79EBC2232B06E523F150AC396AAC6B8165FAE8CEEDE
          SHA-512:EC882872BFA8F9601C53D376E472B12F33968F58F03417FFE862452974A8C483299461B30A2A536F5723E9109B6DAB672DD422CCE1EED4E092904A9DCEEBBCE0
          Malicious:false
          C:\Users\user\Desktop\ZTGJILHXQB.jpg
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.844228057796375
          Encrypted:false
          SSDEEP:24:SpXLN6Gc3QHhzHBqLUyReoSYCrfMcG3RduzHV3mffV1kXADn+zOW:qXEGcAxB0UiLcw3nt3ou+yW
          MD5:C192573D0FE63112726FD10DE8C618DF
          SHA1:D7729C1FFF10580B496E738AE040687995B12CD5
          SHA-256:FB805D12D05A0AC3B3E0705610A2D3F26DB8745C401E0D900BDB9104D03DC836
          SHA-512:4B5650433153EC7675405AF95A4B8E2BD2651F6308A1E18F2B926F0AB682E19B2F36D73B672D0F6DF8EFB1CBCDFE9588E88C4D63D7D990802A8C512DF4D14BDA
          Malicious:false
          C:\Users\user\Desktop\ZTGJILHXQB\IPKGELNTQY.pdf
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.816718805089984
          Encrypted:false
          SSDEEP:24:7AwKq8fX5WJ9QZ+5yF5Gxx78eGX6N8zfHB2jGwFc6q/i/UB34XADn+zRHWA:58/5kY+I5GP7LGX6N8rHB2j1qitu+1HD
          MD5:F83645C65F9CC217422064127E49AC70
          SHA1:06BC96BA74DBDBD29E11D7092C13C7C0356F1C7A
          SHA-256:7836A6A59EA5C69B7D63806F3ED5163E4B5DC40766F8AC7D58E0AEBCBD158ED4
          SHA-512:CC46E0CB4781DCDEC85B28D14A71EA1F3E084F0AAD222B4BD2513A88AB7B7EA2D5DAA4590BD6FE9F4DF503D2C257AE9B9DC93FA622377BCCC31E729458AF64D6
          Malicious:false
          C:\Users\user\Desktop\ZTGJILHXQB\PIVFAGEAAV.mp3
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.839380775521346
          Encrypted:false
          SSDEEP:24:wyHtZjUYySWoMs+IPNzSzl8BemS9AeA0yas/Ve5UCNTKZTAdztAXADn+zGx:rHEaLkmUA/asteqGTeAt4u+i
          MD5:DD6FF0D5B5194BE124F75925BBC742E8
          SHA1:B5D709620B287510311EC19DA81698DEF3E2DB4A
          SHA-256:9FC4D3FEA5F93A04A8887C8B6E79F928DAA0C971062A209CC0021637C1FA5EA4
          SHA-512:4730AE9BA70366A4F47290819BF0F58A90088CB3580FA19212960514FFA042CCA7ACC7E54B30E29DC3692BCDBE1F2B0126855CA2045C7B99F37DE901093CF52A
          Malicious:false
          C:\Users\user\Desktop\ZTGJILHXQB\QCFWYSKMHA.png
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.866030602232337
          Encrypted:false
          SSDEEP:24:2otbXl1Yz8+lHBqy+31PH8CkCnINjAn193iwTqQy6vwvcLXADn+zZjOIv:2Q1Yz8+0pRkWFnbiCqQykju+ljDv
          MD5:515C420104DE4447560CE6FF82D80832
          SHA1:9B47B8645F690548FFE0B07BFFB01B686C968DA1
          SHA-256:B98D384369B4303A082DC1A52D4A7A6E3892D6B82C282FE3B9825DC695243D05
          SHA-512:5F3D9BF245D138B6A995DF585335FD70518147779E778E274F0D2F17C549C671C8FBBA03AA873022227DFFC3E9921D7DB8DB9A02A47C37A0FADE72B7C660040A
          Malicious:true
          C:\Users\user\Desktop\ZTGJILHXQB\UOOJJOZIRH.xlsx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.86323651837165
          Encrypted:false
          SSDEEP:24:ZYlP4Maantr/YlPygVOviIQIAqQXrE6gh9qOhkfxg0CXADn+zVSQ2:ZYzpV/YlPDVhRIAVXrEPHhhkfGu+oQ2
          MD5:1C67978998D176C6DCFFDEA8ABAC763C
          SHA1:E80B24282711D4261F197E4ED0D37816584F66A5
          SHA-256:AFB5A6AB91868C62FA463B48EF58EC713759DE7930AA16B2FB1744C9B61FED66
          SHA-512:3BD0F3E2E9D20294535317929E04432D9296FD7E85A5FFA17D289D862667B6AA2B2A6D96F5BCD59282699C2194BCBE0DFB2AC0784D04AF0DDA3D552C6D5CCDEE
          Malicious:false
          C:\Users\user\Desktop\ZTGJILHXQB\ZQIXMVQGAH.jpg
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.8447331440222845
          Encrypted:false
          SSDEEP:24:fGjz2warpjZZpcUDXns8L3F9k4aLVFx3VWqXoNkRjDBSXADn+zZhnq:SzzyjZZpcUD3s0A9LHbWB6VOu+thq
          MD5:87B08F4781CAE8AB22C621448BEBD693
          SHA1:6D15E33AEA49746A9438579AE83E6CBE53E68B9A
          SHA-256:8A05A9B34100F471EF86735CFCBDFF90045EDC108D11973AB8F60CC822A9F3E8
          SHA-512:138E3FF8CC64DCB8933F8DFA97C49E90343DF87189E551ECE63BF5B788A811555581EC439731A76CB89346F13EE42D41B49B68BDC7E01F73DC0B1F657E19091A
          Malicious:false
          C:\Users\user\Desktop\ZTGJILHXQB\ZTGJILHXQB.docx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.859237866278076
          Encrypted:false
          SSDEEP:24:Z/D4N4dhK0PCucNU/Ws1eXHnIJpoDro5js08baRtdk3Yg00XADn+zpM6IE:BMN4dA06hU+sUX2GXMjybqW3Yg00u+64
          MD5:D9D4850151BA69171DC36FB9989D598F
          SHA1:39902CDB63B54EB6BE0D6558622A161B6E4493D0
          SHA-256:34C18D66BA2FB4DECA32C14E28EB115C7921B0B1D51790C5E45140A667C0DD15
          SHA-512:546B0B50AD6B2940BBDE0A67613B5F9B55A0FF45D79F4D53E81280A74CF37D30884C01367C7B725672B73FCE3D702E86A967363709D2502ECC1A39F492610649
          Malicious:false
          C:\Users\user\Desktop\ZTGJILHXQB\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          C:\Users\user\Desktop\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          C:\Users\user\Documents\CURQNKVOIX.xlsx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.844143453843308
          Encrypted:false
          SSDEEP:24:5pthdeDmVmDl87cedyXNoBQnkATxFcgRwrqRS7HXADn+zpQ2:3thcqel87c4goBYTxheqRS73u+Vl
          MD5:ABA9749CF91053EA978CBB5B839782FD
          SHA1:88C4553C716C39E58B3927862DA811CBC1F84C20
          SHA-256:92E1C5DD49E9DC24917B4F41A8E65208DFC0F5E09420FF6800EDDFB116B99562
          SHA-512:A0200096C66C192C5EA2CEDA4D20CF5E109F17A61F99E884978D6D452FA481BE82BC1CA23319A023908589C3AFC6AB82118E4B943F264F99BF28E422F0CBF3E2
          Malicious:false
          C:\Users\user\Documents\EEGWXUHVUG\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          C:\Users\user\Documents\EOWRVPQCCS\su84mu33c1-readme.txt
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):6986
          Entropy (8bit):3.884573571713338
          Encrypted:false
          SSDEEP:96:GLFiNsg6xU3TPCg/e5ruWRQtw6CE8wqXqdX/yVZ//yvJVvYd9PrR5u:GLFI3jNm5NRweEpqaCZHyvTYDW
          MD5:AC24FEF346A4ABC3D58DC0A275DD2B6D
          SHA1:D3E8478274AF8DAC23A93E92935A82CE842E4D0C
          SHA-256:61E4594725A672557902324A10158C82EED2565BBF33A022249F6160E4FA7AA0
          SHA-512:C0C002EF44B15144CFAA9561E27BFE19216F9B6E59252513550A69F3C7845F4395F4BC4403C15B392B3F8785A9C64A86E8067E1589441867CBAFAD4D630607E1
          Malicious:false
          Preview: ---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension su84mu33c1. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nob
          C:\Users\user\Documents\FENIVHOIKN.docx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.889439367840137
          Encrypted:false
          SSDEEP:24:qigrdEJN52hYmhGRuINSvq6KaalQJXe20NqL0+z3p2OiiVtFLTtrEUXADn+zmUbe:qVJEJNMhgSC6Kal2qL0cxptV5Lu+He
          MD5:D4F1CC337B40AC8EF194D08979547677
          SHA1:F8C89ED5BE2EB73B23CB4D6F07429933E9209840
          SHA-256:4A2849D40C0B441BFA149F81FBCFBDFA0ADA675F13FFD20B0AB8BD39C6B064D9
          SHA-512:5A23CB6211519C480FF4496437A87CDEC67FCD2F6232CF17E70139E8DA2F99C90B1CDC7517CA9DD259FE2EFADB1CEB8FB513DE54A335A41CB1F52D56A1F0F436
          Malicious:false
          C:\Users\user\Documents\FENIVHOIKN\CURQNKVOIX.xlsx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.84752327604628
          Encrypted:false
          SSDEEP:24:ifOaPxA/PFG3HPsE6XtcUq11/igdPdF+aZoeCupJkT9uAzpkQhqKhwXADn+zVFVY:am/w3vRytctDpZo7cWYikiIu+jVY
          MD5:8A7645898367089DFF84E803AA235D08
          SHA1:5FAF7F2D26780B440E3685CE44F4EF3F300E62AE
          SHA-256:379B1F2584E6263F86AE4E3E3D18E2AFCD21ACCA23759B37878760C0D42880C6
          SHA-512:643021B2955606FC183BD395C7661CAF8C6E7CB3DF2FE43486AE4C93ED7DC06A7A0FB53BA070FDB1234F9CFECDDC4B51FFA6ACBDD2255FC2E9E6CADFE0D5BC58
          Malicious:false
          C:\Users\user\Documents\FENIVHOIKN\FENIVHOIKN.docx
          Process:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          File Type:data
          Category:dropped
          Size (bytes):1258
          Entropy (8bit):7.862212854272136
          Encrypted:false
          SSDEEP:24:DbH8LcfygL54m9IEKa+Vy4B/jS+bXe6JV9vH21m3Yah1pXADn+zJOe:DIHkLIVa+Vy4B/g6r99rhDu+1X
          MD5:7892913D011AB300283BA51D9725D9B1
          SHA1:488DF744858D4E7038FAE08907B81E16C58D7902
          SHA-256:C98C65F49DE250837EA7BA6A29C91B8DF933BBDA9D909309A11377D1385ACB71
          SHA-512:0C07456C9C454B29D17BB072CE83BF5C56291C6E8957782ECE65606F9786461837C11A5C8960DD10988A348F7C4FE9B06A15664721C46AC560DCEC008B5A1A2B
          Malicious:false

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):6.592364626667132
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:Sample_5fba9b06c7da400016eb6275.exe
          File size:120832
          MD5:0e285f30f30dedd812295d2408f4b84c
          SHA1:24e8a7a0b9fdf929e6cc4b52b0470bf4f7b6f244
          SHA256:d91f951bdcf35012ac6b47c28cf32ec143e4269243d8c229f6cb326fd343df95
          SHA512:0e89d41a5bd1389d74e661e8f9d3efedff589c2e64f444971e349436a9b6f191f0a0d6017a1e7c28d33be382600b08d00f9496ebdfcf839943d559d1a10a8503
          SSDEEP:1536:ac79OtHXciw8MfMNQulioPIKNpVO6OICS4AziU/U/F20rg8sNlQoaA:EXCSK4IKvXhiU/+F20EVlQTA
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(\..F...F...F...C...F...E...F...B...F.|w....F.|w....F...G...F.|w....F.6.B...F.6.D...F.Rich..F.........PE..L....%._...........

          File Icon

          Icon Hash:00828e8e8686b000

          Static PE Info

          General

          Entrypoint:0x404414
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
          DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE
          Time Stamp:0x5FAF25E1 [Sat Nov 14 00:33:37 2020 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:5
          OS Version Minor:1
          File Version Major:5
          File Version Minor:1
          Subsystem Version Major:5
          Subsystem Version Minor:1
          Import Hash:3eff7b78fa879bdd7bc10b8b899e0ab3

          Entrypoint Preview

          Instruction
          push 00000000h
          call 00007F784471AD27h
          push 00000000h
          call 00007F784471B62Ah
          pop ecx
          ret
          push ebp
          mov ebp, esp
          sub esp, 2Ch
          lea eax, dword ptr [ebp-2Ch]
          push esi
          push eax
          push 00000018h
          pop esi
          push esi
          push dword ptr [ebp+08h]
          call dword ptr [00411244h]
          test eax, eax
          je 00007F784471AF56h
          mov eax, dword ptr [ebp-1Ah]
          imul eax, dword ptr [ebp-1Ch]
          push ebx
          push edi
          xor edi, edi
          inc edi
          movzx eax, ax
          cmp ax, di
          jne 00007F784471ADC6h
          mov ebx, edi
          jmp 00007F784471ADE8h
          push 00000004h
          pop ebx
          cmp ax, bx
          jbe 00007F784471ADE0h
          push 00000008h
          pop ebx
          cmp ax, bx
          jbe 00007F784471ADD8h
          push 00000010h
          pop ebx
          cmp ax, bx
          jbe 00007F784471ADD0h
          cmp ax, si
          jnbe 00007F784471ADC8h
          mov ebx, esi
          push 00000028h
          jmp 00007F784471ADD3h
          push 00000020h
          pop ebx
          mov eax, edi
          mov cl, bl
          shl eax, cl
          lea eax, dword ptr [00000028h+eax*4]
          push eax
          push 00000040h
          call dword ptr [00411280h]
          mov esi, eax
          push 00000018h
          mov dword ptr [esi], 00000028h
          mov eax, dword ptr [ebp-28h]
          mov dword ptr [esi+04h], eax
          mov eax, dword ptr [ebp-24h]
          mov dword ptr [esi+08h], eax
          mov ax, word ptr [ebp-1Ch]
          mov word ptr [esi+0Ch], ax
          mov ax, word ptr [ebp-1Ah]
          mov word ptr [esi+0Eh], ax
          pop eax
          cmp bx, ax
          jnc 00007F784471ADC9h
          mov cl, bl
          shl edi, cl
          mov dword ptr [esi+20h], edi
          mov eax, dword ptr [esi+04h]
          xor edi, edi
          add eax, 07h
          movzx ecx, bx
          cdq
          and edx, 07h
          mov dword ptr [esi+00h], edi

          Rich Headers

          Programming Language:
          • [LNK] VS2015 UPD3.1 build 24215
          • [ C ] VS2015 UPD3.1 build 24215

          Data Directories

          Name                                  Virtual Address  Virtual Size  Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
          IMAGE_DIRECTORY_ENTRY_IMPORT          0xfbd8           0x3c          .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
          IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
          IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC       0x20000          0x6c8         .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
          IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
          IMAGE_DIRECTORY_ENTRY_IAT             0xd000           0x30          .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
          IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

          Sections

          Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
          .text   0x1000           0xb6a4        0xb800    False     0.57470703125    data       6.55398000813  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          .rdata  0xd000           0x2cd4        0x2e00    False     0.667629076087   data       7.79698802019  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data   0x10000          0x2318        0x1e00    False     0.91796875       data       7.62577900558  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
          .axh    0x13000          0xc800        0xc800    False     0.57021484375    data       5.50276054743  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
          .reloc  0x20000          0x6c8         0x800     False     0.75146484375    data       6.10110704434  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

          Imports

          DLL           Import
          KERNEL32.dll  lstrlenW, SetErrorMode, VerSetConditionMask, CloseHandle, GetExitCodeProcess, VerifyVersionInfoW, lstrcmpA
          OLEAUT32.dll  VariantClear, VariantInit

          Network Behavior

          No network behavior found

          Code Manipulations

          Statistics

          Behavior

          System Behavior

          General

          Start time:10:03:30
          Start date:03/12/2020
          Path:C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe
          Wow64 process (32bit):true
          Commandline:'C:\Users\user\Desktop\Sample_5fba9b06c7da400016eb6275.exe'
          Imagebase:0x9b0000
          File size:120832 bytes
          MD5 hash:0E285F30F30DEDD812295D2408F4B84C
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.348277768.0000000002B4F000.00000004.00000040.sdmp, Author: Joe Security
          • Rule: JoeSecurity_Sodinokibi, Description: Yara detected Sodinokibi Ransomware, Source: 00000000.00000003.348165108.0000000002B4F000.00000004.00000040.sdmp, Author: Joe Security
          • Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Source: 00000000.00000002.573809240.00000000009B1000.00000020.00020000.sdmp, Author: Florian Roth
          • Rule: MAL_RANSOM_REvil_Oct20_1, Description: Detects REvil ransomware, Source: 00000000.00000000.347800253.00000000009B1000.00000020.00020000.sdmp, Author: Florian Roth
          Reputation:low

          General

          Start time:10:04:53
          Start date:03/12/2020
          Path:C:\Windows\System32\wbem\unsecapp.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\wbem\unsecapp.exe -Embedding
          Imagebase:0x7ff60d110000
          File size:48640 bytes
          MD5 hash:9CBD3EC8D9E4F8CE54258B0573C66BEB
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:moderate

          Disassembly

          Code Analysis
